<!doctype debiandoc system [
<!-- include version information so we don't have to hard code it
     within the document -->
<!entity % versiondata SYSTEM "version.ent"> %versiondata;
<!-- current Debian changes file format -->
<!entity changesversion "1.8">
]>
<debiandoc>

  <book>
    <titlepag>
      <title>Debian Policy Manual</title>
      <author><qref id="authors">The Debian Policy Mailing List</qref></author>
      <version>version &version;, &date;</version>

      <abstract>
	This manual describes the policy requirements for the Debian
	distribution.  This includes the structure and
	contents of the Debian archive and several design issues of
	the operating system, as well as technical requirements that
	each package must satisfy to be included in the distribution.
      </abstract>

      <copyright>
	<copyrightsummary>
	  Copyright &copy; 1996,1997,1998 Ian Jackson
	  and Christian Schwarz.
	</copyrightsummary>
	<p>
	  These are the copyright dates of the original Policy manual.
	  Since then, this manual has been updated by many others.  No
	  comprehensive collection of copyright notices for subsequent
	  work exists.
	</p>

	<p>
	  This manual is free software; you may redistribute it and/or
	  modify it under the terms of the GNU General Public License
	  as published by the Free Software Foundation; either version
	  2, or (at your option) any later version.
	</p>

	<p>
	  This is distributed in the hope that it will be useful, but
	  <em>without any warranty</em>; without even the implied
	  warranty of merchantability or fitness for a particular
	  purpose.  See the GNU General Public License for more
	  details.
	</p>

	<p>
	  A copy of the GNU General Public License is available as
	  <file>/usr/share/common-licenses/GPL</file> in the Debian
	  distribution or on the World Wide Web at
	  <url id="http://www.gnu.org/copyleft/gpl.html"
	       name="the GNU General Public Licence">. You can also
	  obtain it by writing to the Free Software Foundation, Inc.,
	  51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
	</p>
      </copyright>
    </titlepag>

    <toc detail="sect1">

    <chapt id="scope">
      <heading>About this manual</heading>
      <sect>
	<heading>Scope</heading>
	<p>
	  This manual describes the policy requirements for the Debian
	  distribution. This includes the structure and
	  contents of the Debian archive and several design issues of the
	  operating system, as well as technical requirements that
	  each package must satisfy to be included in the
	  distribution.
	</p>

	<p>
	  This manual also describes Debian policy as it relates to
	  creating Debian packages. It is not a tutorial on how to build
	  packages, nor is it exhaustive where it comes to describing
	  the behavior of the packaging system. Instead, this manual
	  attempts to define the interface to the package management
	  system that the developers have to be conversant with.<footnote>
	      Informally, the criteria used for inclusion is that the
	      material meet one of the following requirements:
	      <taglist compact="compact">
		<tag>Standard interfaces</tag>
		<item>
		    The material presented represents an interface to
		    the packaging system that is mandated for use, and
		    is used by, a significant number of packages, and
		    therefore should not be changed without peer
		    review. Package maintainers can then rely on this
		    interface not changing, and the package management
		    software authors need to ensure compatibility with
		    this interface definition. (Control file and
		    changelog file formats are examples.)
		</item>
		<tag>Chosen Convention</tag>
		<item>
		    If there are a number of technically viable choices
		    that can be made, but one needs to select one of
		    these options for inter-operability. The version
		    number format is one example.
		</item>
	      </taglist>
	      Please note that these are not mutually exclusive;
	      selected conventions often become parts of standard
	      interfaces.
	  </footnote>
	</p>

	<p>
	  The footnotes present in this manual are
	  merely informative, and are not part of Debian policy itself.
	</p>

	<p>
	  The appendices to this manual are not necessarily normative,
	  either. Please see <ref id="pkg-scope"> for more information.
	</p>

	<p>
	  In the normative part of this manual,
	  the words <em>must</em>, <em>should</em> and
	  <em>may</em>, and the adjectives <em>required</em>,
	  <em>recommended</em> and <em>optional</em>, are used to
	  distinguish the significance of the various guidelines in
	  this policy document. Packages that do not conform to the
	  guidelines denoted by <em>must</em> (or <em>required</em>)
	  will generally not be considered acceptable for the Debian
	  distribution. Non-conformance with guidelines denoted by
	  <em>should</em> (or <em>recommended</em>) will generally be
	  considered a bug, but will not necessarily render a package
	  unsuitable for distribution. Guidelines denoted by
	  <em>may</em> (or <em>optional</em>) are truly optional and
	  adherence is left to the maintainer's discretion.
	</p>

	<p>
	  These classifications are roughly equivalent to the bug
	  severities <em>serious</em> (for <em>must</em> or
	  <em>required</em> directive violations), <em>minor</em>,
	  <em>normal</em> or <em>important</em>
	  (for <em>should</em> or <em>recommended</em> directive
	  violations) and <em>wishlist</em> (for <em>optional</em>
	  items).
	  <footnote>
		Compare RFC 2119.  Note, however, that these words are
		used in a different way in this document.
	  </footnote>
	</p>

	<p>
	  Much of the information presented in this manual will be
	  useful even when building a package which is to be
	  distributed in some other way or is intended for local use
	  only.
	</p>

	<p>
	  udebs (stripped-down binary packages used by the Debian Installer) do
	  not comply with all of the requirements discussed here.  See the
	  <url name="Debian Installer internals manual"
	  id="http://d-i.alioth.debian.org/doc/internals/ch03.html"> for more
	  information about them.
	</p>
      </sect>

      <sect>
	<heading>New versions of this document</heading>

	<p>
	  This manual is distributed via the Debian package
	  <package><url name="debian-policy"
              id="http://packages.debian.org/debian-policy"></package> 
          (<httpsite>packages.debian.org</httpsite> 
          <httppath>/debian-policy</httppath>).
	</p>

	<p>
	  The current version of this document is also available from
	  the Debian web mirrors at
	  <tt><url name="/doc/debian-policy/"
		id="http://www.debian.org/doc/debian-policy/"></tt>.
          (
          <httpsite>www.debian.org</httpsite>
          <httppath>/doc/debian-policy/</httppath>)
	  Also available from the same directory are several other
	  formats: <file>policy.html.tar.gz</file>
          (<httppath>/doc/debian-policy/policy.html.tar.gz</httppath>),
          <file>policy.pdf.gz</file> 
          (<httppath>/doc/debian-policy/policy.pdf.gz</httppath>)
	  and <file>policy.ps.gz</file>
          (<httppath>/doc/debian-policy/policy.ps.gz</httppath>).
	</p>

	<p>
	  The <package>debian-policy</package> package also includes the file
	  <file>upgrading-checklist.txt.gz</file> which indicates policy
	  changes between versions of this document.
        </p>
      </sect>

      <sect id="authors">
        <heading>Authors and Maintainers</heading>

	<p>
          Originally called "Debian GNU/Linux Policy Manual", this
          manual was initially written in 1996 by Ian Jackson.
          It was revised on November 27th, 1996 by David A. Morris.
          Christian Schwarz added new sections on March 15th, 1997,
          and reworked/restructured it in April-July 1997.
          Christoph Lameter contributed the "Web Standard".
          Julian Gilbey largely restructured it in 2001.
        </p>

	<p>
          Since September 1998, the responsibility for the contents of
          this document lies on the <url name="debian-policy mailing list"
	  id="mailto:debian-policy@lists.debian.org">. Proposals
          are discussed there and inserted into policy after a certain
          consensus is established.
          <!-- insert shameless policy-process plug here eventually -->
          The actual editing is done by a group of maintainers that have
          no editorial powers. These are the current maintainers:

	  <enumlist>
	    <item>Russ Allbery</item>
	    <item>Bill Allombert</item>
	    <item>Andreas Barth</item>
	    <item>Jonathan Nieder</item>
	  </enumlist>
        </p>

	<p>
	  While the authors of this document have tried hard to avoid
	  typos and other errors, these do still occur. If you discover
	  an error in this manual or if you want to give any
	  comments, suggestions, or criticisms please send an email to
	  the Debian Policy List,
	  <email>debian-policy@lists.debian.org</email>, or submit a
	  bug report against the <tt>debian-policy</tt> package.
	</p>

	<p>
          Please do not try to reach the individual authors or maintainers
          of the Policy Manual regarding changes to the Policy.
        </p>
      </sect>

      <sect id="related">
	<heading>Related documents</heading>

	<p>
	  There are several other documents other than this Policy Manual
	  that are necessary to fully understand some Debian policies and
	  procedures.
	</p>

	<p>
	  The external "sub-policy" documents are referred to in:
	  <list compact="compact">
	    <item><ref id="fhs"></item>
	    <item><ref id="virtual_pkg"></item>
	    <item><ref id="menus"></item>
	    <item><ref id="perl"></item>
	    <item><ref id="maintscriptprompt"></item>
	    <item><ref id="emacs"></item>
	  </list>
	</p>

	<p>
	  In addition to those, which carry the weight of policy, there
	  is the Debian Developer's Reference. This document describes
	  procedures and resources for Debian developers, but it is
	  <em>not</em> normative; rather, it includes things that don't
	  belong in the Policy, such as best practices for developers.
	</p>

	<p>
	  The Developer's Reference is available in the
	  <package>developers-reference</package> package.
	  It's also available from the Debian web mirrors at
	  <tt><url name="/doc/developers-reference/"
		id="http://www.debian.org/doc/developers-reference/"></tt>.
	</p>

	<p>
	  Finally, a <qref id="copyrightformat">specification for
	  machine-readable copyright files</qref> is maintained as part of
	  the <package>debian-policy</package> package using the same
	  procedure as the other policy documents.  Use of this format is
	  optional.
	</p>
      </sect>

      <sect id="definitions">
	<heading>Definitions</heading>

	<p>
	  The following terms are used in this Policy Manual:
	  <taglist>
	    <tag>ASCII</tag>
	    <item>
	      The character encoding specified by ANSI X3.4-1986 and its
	      predecessor standards, referred to in MIME as US-ASCII, and
	      corresponding to an encoding in eight bits per character of
	      the first 128 <url id="http://www.unicode.org/"
	      name="Unicode"> characters, with the eighth bit always zero.
	    </item>
	    <tag>UTF-8</tag>
	    <item>
	      The transformation format (sometimes called encoding) of
	      <url id="http://www.unicode.org/" name="Unicode"> defined by
	      <url id="http://www.rfc-editor.org/rfc/rfc3629.txt"
	      name="RFC 3629">.  UTF-8 has the useful property of having
	      ASCII as a subset, so any text encoded in ASCII is trivially
	      also valid UTF-8.
	    </item>
	  </taglist>
	</p>
      </sect>
    </chapt>


    <chapt id="archive">
      <heading>The Debian Archive</heading>

      <p>
	The Debian system is maintained and distributed as a
	collection of <em>packages</em>. Since there are so many of
	them (currently well over 15000), they are split into
	<em>sections</em> and given <em>priorities</em> to simplify
	the handling of them.
      </p>

      <p>
	The effort of the Debian project is to build a free operating
	system, but not every package we want to make accessible is
	<em>free</em> in our sense (see the Debian Free Software
	Guidelines, below), or may be imported/exported without
	restrictions. Thus, the archive is split into areas<footnote>
	  The Debian archive software uses the term "component" internally
	  and in the Release file format to refer to the division of an
	  archive.  The Debian Social Contract simply refers to "areas."
	  This document uses terminology similar to the Social Contract.
	</footnote> based on their licenses and other restrictions.
      </p>

      <p>
	The aims of this are:

	<list compact="compact">
	  <item>to allow us to make as much software available as we can</item>
	  <item>to allow us to encourage everyone to write free software,
	        and</item>
	  <item>to allow us to make it easy for people to produce
		CD-ROMs of our system without violating any licenses,
		import/export restrictions, or any other laws.</item>
	</list>
      </p>

      <p>
	The <em>main</em> archive area forms the <em>Debian distribution</em>.
      </p>

      <p>
	Packages in the other archive areas (<tt>contrib</tt>,
	<tt>non-free</tt>) are not considered to be part of the Debian
	distribution, although we support their use and provide
	infrastructure for them (such as our bug-tracking system and
	mailing lists). This Debian Policy Manual applies to these
	packages as well.
      </p>

      <sect id="dfsg">
	<heading>The Debian Free Software Guidelines</heading>
	<p>
	  The Debian Free Software Guidelines (DFSG) form our
	  definition of "free software".  These are:
	    <taglist>
	      <tag>1. Free Redistribution
	      </tag>
	      <item>
		  The license of a Debian component may not restrict any
		  party from selling or giving away the software as a
		  component of an aggregate software distribution
		  containing programs from several different
		  sources. The license may not require a royalty or
		  other fee for such sale.
	      </item>
	      <tag>2. Source Code
	      </tag>
	      <item>
		  The program must include source code, and must allow
		  distribution in source code as well as compiled form.
	      </item>
	      <tag>3. Derived Works
	      </tag>
	      <item>
		  The license must allow modifications and derived
		  works, and must allow them to be distributed under the
		  same terms as the license of the original software.
	      </item>
	      <tag>4. Integrity of The Author's Source Code
	      </tag>
	      <item>
		  The license may restrict source-code from being
		  distributed in modified form <em>only</em> if the
		  license allows the distribution of "patch files"
		  with the source code for the purpose of modifying the
		  program at build time. The license must explicitly
		  permit distribution of software built from modified
		  source code. The license may require derived works to
		  carry a different name or version number from the
		  original software.  (This is a compromise. The Debian
		  Project encourages all authors to not restrict any
		  files, source or binary, from being modified.)
	      </item>
	      <tag>5. No Discrimination Against Persons or Groups
	      </tag>
	      <item>
		  The license must not discriminate against any person
		  or group of persons.
	      </item>
	      <tag>6. No Discrimination Against Fields of Endeavor
	      </tag>
	      <item>
		  The license must not restrict anyone from making use
		  of the program in a specific field of endeavor. For
		  example, it may not restrict the program from being
		  used in a business, or from being used for genetic
		  research.
	      </item>
	      <tag>7. Distribution of License
	      </tag>
	      <item>
		  The rights attached to the program must apply to all
		  to whom the program is redistributed without the need
		  for execution of an additional license by those
		  parties.
	      </item>
	      <tag>8. License Must Not Be Specific to Debian
	      </tag>
	      <item>
		  The rights attached to the program must not depend on
		  the program's being part of a Debian system. If the
		  program is extracted from Debian and used or
		  distributed without Debian but otherwise within the
		  terms of the program's license, all parties to whom
		  the program is redistributed must have the same
		  rights as those that are granted in conjunction with
		  the Debian system.
	      </item>
	      <tag>9. License Must Not Contaminate Other Software
	      </tag>
	      <item>
		  The license must not place restrictions on other
		  software that is distributed along with the licensed
		  software. For example, the license must not insist
		  that all other programs distributed on the same medium
		  must be free software.
	      </item>
	      <tag>10. Example Licenses
	      </tag>
	      <item>
                  The "GPL," "BSD," and "Artistic" licenses are examples of
                  licenses that we consider <em>free</em>.
	      </item>
	    </taglist>
	</p>
      </sect>

      <sect id="sections">
	<heading>Archive areas</heading>

	<sect1 id="main">
	  <heading>The main archive area</heading>

	  <p>
	    The <em>main</em> archive area comprises the Debian
	    distribution.  Only the packages in this area are considered
	    part of the distribution.  None of the packages in
	    the <em>main</em> archive area require software outside of
	    that area to function.  Anyone may use, share, modify and
	    redistribute the packages in this archive area
	    freely<footnote>
	      See <url id="http://www.debian.org/intro/free"
		       name="What Does Free Mean?"> for
	      more about what we mean by free software.
	    </footnote>.
	  </p>

	  <p>
	    Every package in <em>main</em> must comply with the DFSG
	    (Debian Free Software Guidelines).
	  </p>

	  <p>
	    In addition, the packages in <em>main</em>
	    <list compact="compact">
	      <item>
		  must not require or recommend a package outside
		  of <em>main</em> for compilation or execution (thus, the
		  package must not declare a "Pre-Depends", "Depends",
		  "Recommends", "Build-Depends", or "Build-Depends-Indep"
		  relationship on a non-<em>main</em> package),
	      </item>
	      <item>
		  must not be so buggy that we refuse to support them,
		  and
	      </item>
	      <item>
		  must meet all policy requirements presented in this
		  manual.
	      </item>
	    </list>
	  </p>

	</sect1>

	<sect1 id="contrib">
	  <heading>The contrib archive area</heading>

	  <p>
	    The <em>contrib</em> archive area contains supplemental
	    packages intended to work with the Debian distribution, but
	    which require software outside of the distribution to either
	    build or function.
	  </p>

	  <p>
	    Every package in <em>contrib</em> must comply with the DFSG.
	  </p>

	  <p>
	    In addition, the packages in <em>contrib</em>
	    <list compact="compact">
	      <item>
		  must not be so buggy that we refuse to support them,
		  and
	      </item>
	      <item>
		  must meet all policy requirements presented in this
		  manual.
	      </item>
	    </list>
	  </p>

	  <p>
	    Examples of packages which would be included in
	    <em>contrib</em> are:
	    <list compact="compact">
	      <item>
		  free packages which require <em>contrib</em>,
		  <em>non-free</em> packages or packages which are not
		  in our archive at all for compilation or execution,
		  and
	      </item>
	      <item>
		  wrapper packages or other sorts of free accessories for
		  non-free programs.
	      </item>
	    </list>
	  </p>
	</sect1>

	<sect1 id="non-free">
	  <heading>The non-free archive area</heading>

	  <p>
	    The <em>non-free</em> archive area contains supplemental
	    packages intended to work with the Debian distribution that do
	    not comply with the DFSG or have other problems that make
	    their distribution problematic.  They may not comply with all
	    of the policy requirements in this manual due to restrictions
	    on modifications or other limitations.
	  </p>

	  <p>
	    Packages must be placed in <em>non-free</em> if they are
	    not compliant with the DFSG or are encumbered by patents
	    or other legal issues that make their distribution
	    problematic.
	  </p>

	  <p>
	    In addition, the packages in <em>non-free</em>
	    <list compact="compact">
	      <item>
		  must not be so buggy that we refuse to support them,
		  and
	      </item>
	      <item>
		  must meet all policy requirements presented in this
		  manual that it is possible for them to meet.
		  <footnote>
		      It is possible that there are policy
		      requirements which the package is unable to
		      meet, for example, if the source is
		      unavailable.  These situations will need to be
		      handled on a case-by-case basis.
		  </footnote>
	      </item>
	    </list>
	  </p>
	</sect1>

      </sect>

      <sect id="pkgcopyright">
	<heading>Copyright considerations</heading>

	<p>
	  Every package must be accompanied by a verbatim copy of its
	  copyright information and distribution license in the file
	  <file>/usr/share/doc/<var>package</var>/copyright</file>
	  (see <ref id="copyrightfile"> for further details).
	</p>

	<p>
	  We reserve the right to restrict files from being included
	  anywhere in our archives if
	  <list compact="compact">
	    <item>
		  their use or distribution would break a law,
	    </item>
	    <item>
		  there is an ethical conflict in their distribution or
		  use,
	    </item>
	    <item>
		  we would have to sign a license for them, or
	    </item>
	    <item>
		  their distribution would conflict with other project
		  policies.
	    </item>
	  </list>
	</p>

	<p>
	  Programs whose authors encourage the user to make
	  donations are fine for the main distribution, provided
	  that the authors do not claim that not donating is
	  immoral, unethical, illegal or something similar; in such
	  a case they must go in <em>non-free</em>.
	</p>

	<p>
	  Packages whose copyright permission notices (or patent
	  problems) do not even allow redistribution of binaries
	  only, and where no special permission has been obtained,
	  must not be placed on the Debian FTP site and its mirrors
	  at all.
	</p>

	<p>
	  Note that under international copyright law (this applies
	  in the United States, too), <em>no</em> distribution or
	  modification of a work is allowed without an explicit
	  notice saying so.  Therefore a program without a copyright
	  notice <em>is</em> copyrighted and you may not do anything
	  to it without risking being sued! Likewise if a program
	  has a copyright notice but no statement saying what is
	  permitted then nothing is permitted.
	</p>

	<p>
	  Many authors are unaware of the problems that restrictive
	  copyrights (or lack of copyright notices) can cause for
	  the users of their supposedly-free software.  It is often
	  worthwhile contacting such authors diplomatically to ask
	  them to modify their license terms. However, this can be a
	  politically difficult thing to do and you should ask for
	  advice on the <tt>debian-legal</tt> mailing list first, as
	  explained below.
	</p>

	<p>
	  When in doubt about a copyright, send mail to
	  <email>debian-legal@lists.debian.org</email>.  Be prepared
	  to provide us with the copyright statement.  Software
	  covered by the GPL, public domain software and BSD-like
	  copyrights are safe; be wary of the phrases "commercial
	  use prohibited" and "distribution restricted".
	</p>
      </sect>

      <sect id="subsections">
	<heading>Sections</heading>

	<p>
	  The packages in the archive areas <em>main</em>,
	  <em>contrib</em> and <em>non-free</em> are grouped further into
	  <em>sections</em> to simplify handling.
	</p>

	<p>
	  The archive area and section for each package should be
	  specified in the package's <tt>Section</tt> control record (see
	  <ref id="f-Section">).  However, the maintainer of the Debian
	  archive may override this selection to ensure the consistency of
	  the Debian distribution.  The <tt>Section</tt> field should be
	  of the form:
	  <list compact="compact">
	    <item>
		  <em>section</em> if the package is in the
		  <em>main</em> archive area,
	    </item>
	    <item>
		  <em>area/section</em> if the package is in
		  the <em>contrib</em> or <em>non-free</em>
		  archive areas.
	    </item>
	  </list>
	</p>

	<p>
	  The Debian archive maintainers provide the authoritative
	  list of sections.  At present, they are:
admin,
cli-mono,
comm,
database,
debug,
devel,
doc,
editors,
education,
electronics,
embedded,
fonts,
games,
gnome,
gnu-r,
gnustep,
graphics,
hamradio,
haskell,
httpd,
interpreters,
introspection,
java,
kde,
kernel,
libdevel,
libs,
lisp,
localization,
mail,
math,
metapackages,
misc,
net,
news,
ocaml,
oldlibs,
otherosfs,
perl,
php,
python,
ruby,
science,
shells,
sound,
tasks,
tex,
text,
utils,
vcs,
video,
web,
x11,
xfce,
zope.
	  The additional section <em>debian-installer</em>
	  contains special packages used by the installer and is not used
	  for normal Debian packages.
	</p>

	<p>
	  For more information about the sections and their definitions,
	  see the <url id="http://packages.debian.org/unstable/"
		       name="list of sections in unstable">.
	</p>
      </sect>

      <sect id="priorities">
	<heading>Priorities</heading>

	<p>
	  Each package should have a <em>priority</em> value, which is
	  included in the package's <em>control record</em>
	  (see <ref id="f-Priority">).
	  This information is used by the Debian package management tools to
	  separate high-priority packages from less-important packages.
	</p>

	<p>
	  The following <em>priority levels</em> are recognized by the
	  Debian package management tools.
	  <taglist>
	    <tag><tt>required</tt></tag>
	    <item>
		Packages which are necessary for the proper
		functioning of the system (usually, this means that
		dpkg functionality depends on these packages).
		Removing a <tt>required</tt> package may cause your
		system to become totally broken and you may not even
		be able to use <prgn>dpkg</prgn> to put things back,
		so only do so if you know what you are doing.  Systems
		with only the <tt>required</tt> packages are probably
		unusable, but they do have enough functionality to
		allow the sysadmin to boot and install more software.
	    </item>
	    <tag><tt>important</tt></tag>
	    <item>
		Important programs, including those which one would
		expect to find on any Unix-like system.  If the
		expectation is that an experienced Unix person who
		found it missing would say "What on earth is going on,
		where is <prgn>foo</prgn>?", it must be an
		<tt>important</tt> package.<footnote>
		    This is an important criterion because we are
		    trying to produce, amongst other things, a free
		    Unix.
		</footnote>
		Other packages without which the system will not run
		well or be usable must also have priority
		<tt>important</tt>.  This does
		<em>not</em> include Emacs, the X Window System, TeX
		or any other large applications.  The
		<tt>important</tt> packages are just a bare minimum of
		commonly-expected and necessary tools.
	    </item>
	    <tag><tt>standard</tt></tag>
	    <item>
		These packages provide a reasonably small but not too
		limited character-mode system.  This is what will be
		installed by default if the user doesn't select anything
		else.  It doesn't include many large applications.
	    </item>
	    <tag><tt>optional</tt></tag>
	    <item>
		(In a sense everything that isn't required is
		optional, but that's not what is meant here.) This is
		all the software that you might reasonably want to
		install if you didn't know what it was and don't have
		specialized requirements. This is a much larger system
		and includes the X Window System, a full TeX
		distribution, and many applications. Note that
		optional packages should not conflict with each other.
	    </item>
	    <tag><tt>extra</tt></tag>
	    <item>
		This contains all packages that conflict with others
		with required, important, standard or optional
		priorities, or are only likely to be useful if you
		already know what they are or have specialized
		requirements (such as packages containing only detached
		debugging symbols).
	    </item>
	  </taglist>
	</p>

	<p>
	  Packages must not depend on packages with lower priority
	  values (excluding build-time dependencies).  In order to
	  ensure this, the priorities of one or more packages may need
	  to be adjusted.
	</p>
      </sect>

    </chapt>


    <chapt id="binary">
      <heading>Binary packages</heading>

      <p>
	The Debian distribution is based on the Debian
	package management system, called <prgn>dpkg</prgn>. Thus,
	all packages in the Debian distribution must be provided
	in the <tt>.deb</tt> file format.
      </p>

      <p>
	A <tt>.deb</tt> package contains two sets of files: a set of files
	to install on the system when the package is installed, and a set
	of files that provide additional metadata about the package or
	which are executed when the package is installed or removed.  This
	second set of files is called <em>control information files</em>.
	Among those files are the package maintainer scripts
	and <file>control</file>, the <qref id="binarycontrolfiles">binary
	package control file</qref> that contains the control fields for
	the package.  Other control information files include
	the <qref id="sharedlibs-symbols"><file>symbols</file> file</qref>
	or <qref id="sharedlibs-shlibdeps"><file>shlibs</file> file</qref>
	used to store shared library dependency information and
	the <file>conffiles</file> file that lists the package's
	configuration files (described in <ref id="config-files">).
      </p>

      <p>
	There is unfortunately a collision of terminology here between
	control information files and files in the Debian control file
	format.  Throughout this document, a <em>control file</em> refers
	to a file in the Debian control file format.  These files are
	documented in <ref id="controlfields">.  Only files referred to
	specifically as <em>control information files</em> are the files
	included in the control information file member of
	the <file>.deb</file> file format used by binary packages.  Most
	control information files are not in the Debian control file
	format.
      </p>

      <sect>
	<heading>The package name</heading>

	<p>
	  Every package must have a name that's unique within the Debian
	  archive.
	</p>

	<p>
	  The package name is included in the control field
	  <tt>Package</tt>, the format of which is described
	  in <ref id="f-Package">.
	  The package name is also included as a part of the file name
	  of the <tt>.deb</tt> file.
	</p>
      </sect>

      <sect id="versions">
	<heading>The version of a package</heading>

	<p>
	  Every package has a version number recorded in its
	  <tt>Version</tt> control file field, described in
	  <ref id="f-Version">.
	</p>

	<p>
	  The package management system imposes an ordering on version
	  numbers, so that it can tell whether packages are being up- or
	  downgraded and so that package system front end applications
	  can tell whether a package it finds available is newer than
	  the one installed on the system.  The version number format
	  has the most significant parts (as far as comparison is
	  concerned) at the beginning.
	</p>

	<p>
	  If an upstream package has problematic version numbers they
	  should be converted to a sane form for use in the
	  <tt>Version</tt> field.
	</p>

	<sect1>
	  <heading>Version numbers based on dates</heading>

	  <p>
	    In general, Debian packages should use the same version
	    numbers as the upstream sources.  However, upstream version
	    numbers based on some date formats (sometimes used for
	    development or "snapshot" releases) will not be ordered
	    correctly by the package management software.  For
	    example, <prgn>dpkg</prgn> will consider "96May01" to be
	    greater than "96Dec24".
	  </p>

	  <p>
	    To prevent having to use epochs for every new upstream
	    version, the date-based portion of any upstream version number
	    should be given in a way that sorts correctly: four-digit year
	    first, followed by a two-digit numeric month, followed by a
	    two-digit numeric date, possibly with punctuation between the
	    components.
	  </p>

	  <p>
	    Native Debian packages (i.e., packages which have been written
	    especially for Debian) whose version numbers include dates
	    should also follow these rules.  If punctuation is desired
	    between the date components, remember that hyphen (<tt>-</tt>)
	    cannot be used in native package versions.  Period
	    (<tt>.</tt>) is normally a good choice.
	  </p>
	</sect1>

      </sect>

      <sect id="maintainer">
	<heading>The maintainer of a package</heading>

	<p>
	  Every package must have a maintainer, except for orphaned
	  packages as described below.  The maintainer may be one person
	  or a group of people reachable from a common email address, such
	  as a mailing list.  The maintainer is responsible for
	  maintaining the Debian packaging files, evaluating and
	  responding appropriately to reported bugs, uploading new
	  versions of the package (either directly or through a sponsor),
	  ensuring that the package is placed in the appropriate archive
	  area and included in Debian releases as appropriate for the
	  stability and utility of the package, and requesting removal of
	  the package from the Debian distribution if it is no longer
	  useful or maintainable.
	</p>

	<p>
	  The maintainer must be specified in the <tt>Maintainer</tt>
	  control field with their correct name and a working email
	  address.  The email address given in the <tt>Maintainer</tt>
	  control field must accept mail from those role accounts in
	  Debian used to send automated mails regarding the package.  This
	  includes non-spam mail from the bug-tracking system, all mail
	  from the Debian archive maintenance software, and other role
	  accounts or automated processes that are commonly agreed on by
	  the project.<footnote>
	    A sample implementation of such a whitelist written for the
	    Mailman mailing list management software is used for mailing
	    lists hosted by alioth.debian.org.
	  </footnote>
	  If one person or team maintains several packages, they should
	  use the same form of their name and email address in
	  the <tt>Maintainer</tt> fields of those packages.
	</p>

	<p>
	  The format of the <tt>Maintainer</tt> control field is
	  described in <ref id="f-Maintainer">.
	</p>

	<p>
	  If the maintainer of the package is a team of people with a
	  shared email address, the <tt>Uploaders</tt> control field must
	  be present and must contain at least one human with their
	  personal email address.  See <ref id="f-Uploaders"> for the
	  syntax of that field.
	</p>

	<p>
	  An orphaned package is one with no current maintainer.  Orphaned
	  packages should have their <tt>Maintainer</tt> control field set
	  to <tt>Debian QA Group &lt;packages@qa.debian.org&gt;</tt>.
	  These packages are considered maintained by the Debian project
	  as a whole until someone else volunteers to take over
	  maintenance.<footnote>
	    The detailed procedure for gracefully orphaning a package can
	    be found in the Debian Developer's Reference
	    (see <ref id="related">).
	  </footnote>
	</p>
      </sect>

      <sect id="descriptions">
	<heading>The description of a package</heading>

	<p>
	  Every Debian package must have a <tt>Description</tt> control
	  field which contains a synopsis and extended description of the
	  package.  Technical information about the format of the
	  <tt>Description</tt> field is in <ref id="f-Description">.
	</p>

	<p>
	  The description should describe the package (the program) to a
	  user (system administrator) who has never met it before so that
	  they have enough information to decide whether they want to
	  install it. This description should not just be copied verbatim
	  from the program's documentation.
	</p>

	<p>
	  Put important information first, both in the synopsis and
	  extended description.  Sometimes only the first part of the
	  synopsis or of the description will be displayed.  You can
	  assume that there will usually be a way to see the whole
	  extended description.
	</p>

	<p>
	  The description should also give information about the
	  significant dependencies and conflicts between this package
	  and others, so that the user knows why these dependencies and
	  conflicts have been declared.
	</p>

	<p>
	  Instructions for configuring or using the package should
	  not be included (that is what installation scripts,
	  manual pages, info files, etc., are for).  Copyright
	  statements and other administrivia should not be included
	  either (that is what the copyright file is for).
	</p>

        <sect1 id="synopsis"><heading>The single line synopsis</heading>

	  <p>
	    The single line synopsis should be kept brief - certainly
	    under 80 characters.
	  </p>

	  <p>
	    Do not include the package name in the synopsis line.  The
	    display software knows how to display this already, and you
	    do not need to state it.  Remember that in many situations
	    the user may only see the synopsis line - make it as
	    informative as you can.
	  </p>

	</sect1>

        <sect1 id="extendeddesc"><heading>The extended description</heading>

	  <p>
	    Do not try to continue the single line synopsis into the
	    extended description.  This will not work correctly when
	    the full description is displayed, and makes no sense
	    where only the summary (the single line synopsis) is
	    available.
	  </p>

	  <p>
	    The extended description should describe what the package
	    does and how it relates to the rest of the system (in terms
	    of, for example, which subsystem it is which part of).
	  </p>

	  <p>
	    The description field needs to make sense to anyone, even
	    people who have no idea about any of the things the
	    package deals with.<footnote>
		The blurb that comes with a program in its
		announcements and/or <prgn>README</prgn> files is
		rarely suitable for use in a description.  It is
		usually aimed at people who are already in the
		community where the package is used.
	    </footnote>
	  </p>

	</sect1>

      </sect>

      <sect id="dependencies">
	<heading>Dependencies</heading>

	<p>
	  Every package must specify the dependency information
	  about other packages that are required for the first to
	  work correctly.
	</p>

	<p>
	  For example, a dependency entry must be provided for any
	  shared libraries required by a dynamically-linked executable
	  binary in a package.
	</p>

	<p>
	  Packages are not required to declare any dependencies they
	  have on other packages which are marked <tt>Essential</tt>
	  (see below), and should not do so unless they depend on a
	  particular version of that package.<footnote>
            <p>
	      Essential is needed in part to avoid unresolvable dependency
	      loops on upgrade.  If packages add unnecessary dependencies
	      on packages in this set, the chances that there
	      <strong>will</strong> be an unresolvable dependency loop
	      caused by forcing these Essential packages to be configured
	      first before they need to be is greatly increased.  It also
	      increases the chances that frontends will be unable to
	      <strong>calculate</strong> an upgrade path, even if one
	      exists.
            </p>
            <p>
	      Also, functionality is rarely ever removed from the
	      Essential set, but <em>packages</em> have been removed from
	      the Essential set when the functionality moved to a
	      different package. So depending on these packages <em>just
	      in case</em> they stop being essential does way more harm
	      than good.
            </p>
          </footnote>
	</p>

	<p>
	  Sometimes, unpacking one package requires that another package
	  be first unpacked <em>and</em> configured.  In this case, the
	  depending package must specify this dependency in
	  the <tt>Pre-Depends</tt> control field.
	</p>

	<p>
	  You should not specify a <tt>Pre-Depends</tt> entry for a
	  package before this has been discussed on the
	  <tt>debian-devel</tt> mailing list and a consensus about
	  doing that has been reached.
	</p>

	<p>
	  The format of the package interrelationship control fields is
	  described in <ref id="relationships">.
	</p>
      </sect>

      <sect id="virtual_pkg">
	<heading>Virtual packages</heading>

	<p>
	  Sometimes, there are several packages which offer
	  more-or-less the same functionality. In this case, it's
	  useful to define a <em>virtual package</em> whose name
	  describes that common functionality.  (The virtual
	  packages only exist logically, not physically; that's why
	  they are called <em>virtual</em>.) The packages with this
	  particular function will then <em>provide</em> the virtual
	  package. Thus, any other package requiring that function
	  can simply depend on the virtual package without having to
	  specify all possible packages individually.
	</p>

	<p>
	  All packages should use virtual package names where
	  appropriate, and arrange to create new ones if necessary.
	  They should not use virtual package names (except privately,
	  amongst a cooperating group of packages) unless they have
	  been agreed upon and appear in the list of virtual package
	  names. (See also <ref id="virtual">)
	</p>

	<p>
	  The latest version of the authoritative list of virtual
	  package names can be found in the <tt>debian-policy</tt> package.
	  It is also available from the Debian web mirrors at
	  <tt><url name="/doc/packaging-manuals/virtual-package-names-list.txt"
		id="http://www.debian.org/doc/packaging-manuals/virtual-package-names-list.txt"></tt>.
	</p>

	<p>
	  The procedure for updating the list is described in the preface
	  to the list.
	</p>

      </sect>

      <sect>
	<heading>Base system</heading>

	<p>
	  The <tt>base system</tt> is a minimum subset of the Debian
	  system that is installed before everything else
	  on a new system. Only very few packages are allowed to form
	  part of the base system, in order to keep the required disk
	  usage very small.
	</p>

	<p>
	  The base system consists of all those packages with priority
	  <tt>required</tt> or <tt>important</tt>. Many of them will
	  be tagged <tt>essential</tt> (see below).
	</p>
      </sect>

      <sect>
	<heading>Essential packages</heading>

	<p>
	  Essential is defined as the minimal set of functionality that
	  must be available and usable on the system at all times, even
	  when packages are in the "Unpacked" state.
	  Packages are tagged <tt>essential</tt> for a system using the
	  <tt>Essential</tt> control field.  The format of the
	  <tt>Essential</tt> control field is described in <ref
	  id="f-Essential">.
	</p>

	<p>
	  Since these packages cannot be easily removed (one has to
	  specify an extra <em>force option</em> to
	  <prgn>dpkg</prgn> to do so), this flag must not be used
	  unless absolutely necessary.  A shared library package
	  must not be tagged <tt>essential</tt>; dependencies will
	  prevent its premature removal, and we need to be able to
	  remove it when it has been superseded.
	</p>

	<p>
	  Since dpkg will not prevent upgrading of other packages
	  while an <tt>essential</tt> package is in an unconfigured
            state, all <tt>essential</tt> packages must supply all of
            their core functionality even when unconfigured. If the
            package cannot satisfy this requirement it must not be
            tagged as essential, and any packages depending on this
            package must instead have explicit dependency fields as
            appropriate.
	</p>

	<p>
	  Maintainers should take great care in adding any programs,
	  interfaces, or functionality to <tt>essential</tt> packages.
	  Packages may assume that functionality provided by
	  <tt>essential</tt> packages is always available without
	  declaring explicit dependencies, which means that removing
	  functionality from the Essential set is very difficult and is
	  almost never done.  Any capability added to an
	  <tt>essential</tt> package therefore creates an obligation to
	  support that capability as part of the Essential set in
	  perpetuity.
	</p>

	<p>
	  You must not tag any packages <tt>essential</tt> before
	  this has been discussed on the <tt>debian-devel</tt>
	  mailing list and a consensus about doing that has been
	  reached.
	</p>
      </sect>

      <sect id="maintscripts">
	<heading>Maintainer Scripts</heading>

	<p>
	  The package installation scripts should avoid producing
	  output which is unnecessary for the user to see and
	  should rely on <prgn>dpkg</prgn> to stave off boredom on
	  the part of a user installing many packages. This means,
	  amongst other things, not passing the <tt>--verbose</tt>
	  option to <prgn>update-alternatives</prgn>.
	</p>

	<p>
	  Errors which occur during the execution of an installation
	  script must be checked and the installation must not
	  continue after an error.
	</p>

	<p>
	  Note that in general <ref id="scripts"> applies to package
	  maintainer scripts, too.
	</p>

	<p>
	  You should not use <prgn>dpkg-divert</prgn> on a file belonging
	  to another package without consulting the maintainer of that
	  package first.  When adding or removing diversions, package
	  maintainer scripts must provide the <tt>--package</tt> flag
	  to <prgn>dpkg-divert</prgn> and must not use <tt>--local</tt>.
	</p>

	<p>
	  All packages which supply an instance of a common command
	  name (or, in general, filename) should generally use
	  <prgn>update-alternatives</prgn>, so that they may be
	  installed together.  If <prgn>update-alternatives</prgn>
	  is not used, then each package must use
	  <tt>Conflicts</tt> to ensure that other packages are
	  removed.  (In this case, it may be appropriate to
	  specify a conflict against earlier versions of something
	  that previously did not use
	  <prgn>update-alternatives</prgn>; this is an exception to
	  the usual rule that versioned conflicts should be
	  avoided.)
	</p>

	<sect1 id="maintscriptprompt">
	  <heading>Prompting in maintainer scripts</heading>
	  <p>
	    Package maintainer scripts may prompt the user if
	    necessary. Prompting must be done by communicating
	    through a program, such as <prgn>debconf</prgn>, which
	    conforms to the Debian Configuration Management
	    Specification, version 2 or higher.
	  </p>

	  <p>
	    Packages which are essential, or which are dependencies of
	    essential packages, may fall back on another prompting method
	    if no such interface is available when they are executed.
	  </p>

	  <p>
	    The Debian Configuration Management Specification is included
	    in the <file>debconf_specification</file> files in the
	    <package>debian-policy</package> package.
	    It is also available from the Debian web mirrors at
            <tt><url name="/doc/packaging-manuals/debconf_specification.html"
		id="http://www.debian.org/doc/packaging-manuals/debconf_specification.html"></tt>.
	  </p>

	  <p>
	    Packages which use the Debian Configuration Management
	    Specification may contain the additional control information
	    files <file>config</file>
	    and <file>templates</file>.  <file>config</file> is an
	    additional maintainer script used for package configuration,
	    and <file>templates</file> contains templates used for user
	    prompting.  The <prgn>config</prgn> script might be run before
	    the <prgn>preinst</prgn> script and before the package is
	    unpacked or any of its dependencies or pre-dependencies are
	    satisfied.  Therefore it must work using only the tools
	    present in <em>essential</em> packages.<footnote>
		  <package>Debconf</package> or another tool that
		  implements the Debian Configuration Management
		  Specification will also be installed, and any
		  versioned dependencies on it will be satisfied
		  before preconfiguration begins.
	    </footnote>
	  </p>

	  <p>
	    Packages which use the Debian Configuration Management
	    Specification must allow for translation of their user-visible
	    messages by using a gettext-based system such as the one
	    provided by the <package>po-debconf</package> package.
	  </p>

	  <p>
	    Packages should try to minimize the amount of prompting
	    they need to do, and they should ensure that the user
	    will only ever be asked each question once.  This means
	    that packages should try to use appropriate shared
	    configuration files (such as <file>/etc/papersize</file> and
	    <file>/etc/news/server</file>), and shared
	    <package>debconf</package> variables rather than each
	    prompting for their own list of required pieces of
	    information.
	  </p>

	  <p>
	    It also means that an upgrade should not ask the same
	    questions again, unless the user has used
	    <tt>dpkg --purge</tt> to remove the package's configuration.
	    The answers to configuration questions should be stored in an
	    appropriate place in <file>/etc</file> so that the user can
	    modify them, and how this has been done should be
	    documented.
	  </p>

	  <p>
	    If a package has a vitally important piece of
	    information to pass to the user (such as "don't run me
	    as I am, you must edit the following configuration files
	    first or you risk your system emitting badly-formatted
	    messages"), it should display this in the
	    <prgn>config</prgn> or <prgn>postinst</prgn> script and
	    prompt the user to hit return to acknowledge the
	    message.  Copyright messages do not count as vitally
	    important (they belong in
	    <file>/usr/share/doc/<var>package</var>/copyright</file>);
	    neither do instructions on how to use a program (these
	    should be in on-line documentation, where all the users
	    can see them).
	  </p>

	  <p>
	    Any necessary prompting should almost always be confined
	    to the <prgn>config</prgn> or <prgn>postinst</prgn>
	    script. If it is done in the <prgn>postinst</prgn>, it
	    should be protected with a conditional so that
	    unnecessary prompting doesn't happen if a package's
	    installation fails and the <prgn>postinst</prgn> is
	    called with <tt>abort-upgrade</tt>,
	    <tt>abort-remove</tt> or <tt>abort-deconfigure</tt>.
	  </p>
	</sect1>

      </sect>

    </chapt>


    <chapt id="source">
      <heading>Source packages</heading>

      <sect id="standardsversion">
	<heading>Standards conformance</heading>

	<p>
	  Source packages should specify the most recent version number
	  of this policy document with which your package complied
	  when it was last updated.
	</p>

	<p>
	  This information may be used to file bug reports
	  automatically if your package becomes too much out of date.
	</p>

	<p>
	  The version is specified in the <tt>Standards-Version</tt>
	  control field.
	  The format of the <tt>Standards-Version</tt> field is
	  described in <ref id="f-Standards-Version">.
	</p>

	<p>
	  You should regularly, and especially if your package has
	  become out of date, check for the newest Policy Manual
	  available and update your package, if necessary. When your
	  package complies with the new standards you should update the
	  <tt>Standards-Version</tt> source package field and
	  release it.<footnote>
		See the file <file>upgrading-checklist</file> for
		information about policy which has changed between
		different versions of this document.
	  </footnote>
	</p>

      </sect>

      <sect id="pkg-relations">
	<heading>Package relationships</heading>

	<p>
	  Source packages should specify which binary packages they
	  require to be installed or not to be installed in order to
	  build correctly.  For example, if building a package
	  requires a certain compiler, then the compiler should be
	  specified as a build-time dependency.
	</p>

	<p>
	  It is not necessary to explicitly specify build-time
	  relationships on a minimal set of packages that are always
	  needed to compile, link and put in a Debian package a
	  standard "Hello World!" program written in C or C++.  The
	  required packages are called <em>build-essential</em>, and
	  an informational list can be found in
	  <file>/usr/share/doc/build-essential/list</file> (which is
	  contained in the <tt>build-essential</tt>
	  package).<footnote>
	    Rationale:
		<list compact="compact">
		  <item>
		      This allows maintaining the list separately
		      from the policy documents (the list does not
		      need the kind of control that the policy
		      documents do).
		  </item>
		  <item>
		      Having a separate package allows one to install
		      the build-essential packages on a machine, as
		      well as allowing other packages such as tasks to
		      require installation of the build-essential
		      packages using the depends relation.
		  </item>
		  <item>
		      The separate package allows bug reports against
		      the list to be categorized separately from
		      the policy management process in the BTS.
		  </item>
		</list>
	  </footnote>
	</p>

	<p>
	  When specifying the set of build-time dependencies, one
	  should list only those packages explicitly required by the
	  build.  It is not necessary to list packages which are
	  required merely because some other package in the list of
	  build-time dependencies depends on them.<footnote>
		The reason for this is that dependencies change, and
		you should list all those packages, and <em>only</em>
		those packages that <em>you</em> need directly.  What
		others need is their business.  For example, if you
		only link against <file>libimlib</file>, you will need to
		build-depend on <package>libimlib2-dev</package> but
		not against any <tt>libjpeg*</tt> packages, even
		though <tt>libimlib2-dev</tt> currently depends on
		them: installation of <package>libimlib2-dev</package>
		will automatically ensure that all of its run-time
		dependencies are satisfied.
	  </footnote>
	</p>

	<p>
	  If build-time dependencies are specified, it must be
	  possible to build the package and produce working binaries
	  on a system with only essential and build-essential
	  packages installed and also those required to satisfy the
	  build-time relationships (including any implied
	  relationships).  In particular, this means that version
	  clauses should be used rigorously in build-time
	  relationships so that one cannot produce bad or
	  inconsistently configured packages when the relationships
	  are properly satisfied.
	</p>

	<p>
	  <ref id="relationships"> explains the technical details.
	</p>
      </sect>

      <sect>
	<heading>Changes to the upstream sources</heading>

	<p>
	  If changes to the source code are made that are not
	  specific to the needs of the Debian system, they should be
	  sent to the upstream authors in whatever form they prefer
	  so as to be included in the upstream version of the
	  package.
	</p>

	<p>
	  If you need to configure the package differently for
	  Debian or for Linux, and the upstream source doesn't
	  provide a way to do so, you should add such configuration
	  facilities (for example, a new <prgn>autoconf</prgn> test
	  or <tt>#define</tt>) and send the patch to the upstream
	  authors, with the default set to the way they originally
	  had it.  You can then easily override the default in your
	  <file>debian/rules</file> or wherever is appropriate.
	</p>

	<p>
	  You should make sure that the <prgn>configure</prgn> utility
	  detects the correct architecture specification string
	  (refer to <ref id="arch-spec"> for details).
	</p>

	<p>
	  If you need to edit a <prgn>Makefile</prgn> where GNU-style
	  <prgn>configure</prgn> scripts are used, you should edit the
	  <file>.in</file> files rather than editing the
	  <prgn>Makefile</prgn> directly.  This allows the user to
	  reconfigure the package if necessary.  You should
	  <em>not</em> configure the package and edit the generated
	  <prgn>Makefile</prgn>!  This makes it impossible for someone
	  else to later reconfigure the package without losing the
	  changes you made.
	</p>

      </sect>

      <sect id="dpkgchangelog">
	<heading>Debian changelog: <file>debian/changelog</file></heading>

	<p>
	  Changes in the Debian version of the package should be
	  briefly explained in the Debian changelog file
	  <file>debian/changelog</file>.<footnote>
            <p>
              Mistakes in changelogs are usually best rectified by
              making a new changelog entry rather than "rewriting
              history" by editing old changelog entries.
            </p>
          </footnote>
          This includes modifications
	  made in the Debian package compared to the upstream one
	  as well as other changes and updates to the package.
	  <footnote>
	      Although there is nothing stopping an author who is also
	      the Debian maintainer from using this changelog for all
	      their changes, it will have to be renamed if the Debian
	      and upstream maintainers become different people. In such
	      a case, however, it might be better to maintain the package
	      as a non-native package.
	  </footnote>
	</p>

        <p>
          The format of the <file>debian/changelog</file> allows the
	  package building tools to discover which version of the package
	  is being built and find out other release-specific information.
	</p>

	<p>
	  That format is a series of entries like this:

<example compact="compact">
<var>package</var> (<var>version</var>) <var>distribution(s)</var>; urgency=<var>urgency</var>
	    <var>
	      [optional blank line(s), stripped]
	    </var>
  * <var>change details</var>
    <var>more change details</var>
	    <var>
	      [blank line(s), included in output of dpkg-parsechangelog]
	    </var>
  * <var>even more change details</var>
	    <var>
	      [optional blank line(s), stripped]
	    </var>
 -- <var>maintainer name</var> &lt;<var>email address</var>&gt;<var>[two spaces]</var>  <var>date</var>
</example>
	</p>

	<p>
	  <var>package</var> and <var>version</var> are the source
	  package name and version number.
	</p>

	<p>
	  <var>distribution(s)</var> lists the distributions where
	  this version should be installed when it is uploaded - it
	  is copied to the <tt>Distribution</tt> field in the
	  <file>.changes</file> file.  See <ref id="f-Distribution">.
	</p>

	<p>
	  <var>urgency</var> is the value for the <tt>Urgency</tt>
	  field in the <file>.changes</file> file for the upload
	  (see <ref id="f-Urgency">). It is not possible to specify
	  an urgency containing commas; commas are used to separate
	  <tt><var>keyword</var>=<var>value</var></tt> settings in the
	  <prgn>dpkg</prgn> changelog format (though there is
	  currently only one useful <var>keyword</var>,
	  <tt>urgency</tt>).
	</p>

	<p>
	  The change details may in fact be any series of lines
	  starting with at least two spaces, but conventionally each
	  change starts with an asterisk and a separating space and
	  continuation lines are indented so as to bring them in
	  line with the start of the text above.  Blank lines may be
	  used here to separate groups of changes, if desired.
	</p>

	<p>
	  If this upload resolves bugs recorded in the Bug Tracking
	  System (BTS), they may be automatically closed on the
	  inclusion of this package into the Debian archive by
	  including the string: <tt>closes: Bug#<var>nnnnn</var></tt>
	  in the change details.<footnote>
	      To be precise, the string should match the following
	      Perl regular expression:
	      <example>
/closes:\s*(?:bug)?\#?\s?\d+(?:,\s*(?:bug)?\#?\s?\d+)*/i
	      </example>
	      Then all of the bug numbers listed will be closed by the
	      archive maintenance software (<prgn>dak</prgn>) using the
	      <var>version</var> of the changelog entry.
	  </footnote>
	  This information is conveyed via the <tt>Closes</tt> field
	  in the <tt>.changes</tt> file (see <ref id="f-Closes">).
	</p>

	<p>
	  The maintainer name and email address used in the changelog
	  should be the details of the person who prepared this release of
	  the package.  They are <em>not</em> necessarily those of the
	  uploader or usual package maintainer.<footnote>
	    In the case of a sponsored upload, the uploader signs the
	    files, but the changelog maintainer name and address are those
	    of the person who prepared this release.  If the preparer of
	    the release is not one of the usual maintainers of the package
	    (as listed in
	    the <qref id="f-Maintainer"><tt>Maintainer</tt></qref>
	    or <qref id="f-Uploaders"><tt>Uploaders</tt></qref> control
	    fields of the package), the first line of the changelog is
	    conventionally used to explain why a non-maintainer is
	    uploading the package.  The Debian Developer's Reference
	    (see <ref id="related">) documents the conventions
	    used.</footnote>
	  The information here will be copied to the <tt>Changed-By</tt>
	  field in the <tt>.changes</tt> file
	  (see <ref id="f-Changed-By">), and then later used to send an
	  acknowledgement when the upload has been installed.
	</p>

	<p>
	  The <var>date</var> has the following format<footnote>
	      This is the same as the format generated by <tt>date
	      -R</tt>.
	  </footnote> (compatible and with the same semantics of
	  RFC 2822 and RFC 5322):
	  <example>day-of-week, dd month yyyy hh:mm:ss +zzzz</example>
	  where:
	  <list compact="compact">
	    <item>
	      day-of week is one of: Mon, Tue, Wed, Thu, Fri, Sat, Sun
	    </item>
	    <item>
	      dd is a one- or two-digit day of the month (01-31)
	    </item>
	    <item>
	      month is one of: Jan, Feb, Mar, Apr, May, Jun, Jul, Aug,
	      Sep, Oct, Nov, Dec
	    </item>
	    <item>yyyy is the four-digit year (e.g. 2010)</item>
	    <item>hh is the two-digit hour (00-23)</item>
	    <item>mm is the two-digit minutes (00-59)</item>
	    <item>ss is the two-digit seconds (00-60)</item>
	    <item>
	      +zzzz or -zzzz is the the time zone offset from Coordinated
	      Universal Time (UTC).  "+" indicates that the time is ahead
	      of (i.e., east of) UTC and "-" indicates that the time is
	      behind (i.e., west of) UTC.  The first two digits indicate
	      the hour difference from UTC and the last two digits
	      indicate the number of additional minutes difference from
	      UTC.  The last two digits must be in the range 00-59.
	    </item>
	  </list>
	</p>

	<p>
	  The first "title" line with the package name must start
	  at the left hand margin.  The "trailer" line with the
	  maintainer and date details must be preceded by exactly
	  one space.  The maintainer details and the date must be
	  separated by exactly two spaces.
	</p>

	<p>
	  The entire changelog must be encoded in UTF-8.
	</p>

	<p>
	  For more information on placement of the changelog files
	  within binary packages, please see <ref id="changelogs">.
	</p>
      </sect>

      <sect id="dpkgcopyright">
	<heading>Copyright: <file>debian/copyright</file></heading>
        <p>
	  Every package must be accompanied by a verbatim copy of its
	  copyright information and distribution license in the file
	  <file>/usr/share/doc/<var>package</var>/copyright</file>
	  (see <ref id="copyrightfile"> for further details). Also see
	  <ref id="pkgcopyright"> for further considerations related
	  to copyrights for packages.
        </p>
      </sect>
      <sect>
	<heading>Error trapping in makefiles</heading>

	<p>
	  When <prgn>make</prgn> invokes a command in a makefile
	  (including your package's upstream makefiles and
	  <file>debian/rules</file>), it does so using <prgn>sh</prgn>.  This
	  means that <prgn>sh</prgn>'s usual bad error handling
	  properties apply: if you include a miniature script as one
	  of the commands in your makefile you'll find that if you
	  don't do anything about it then errors are not detected
	  and <prgn>make</prgn> will blithely continue after
	  problems.
	</p>

	<p>
	  Every time you put more than one shell command (this
	  includes using a loop) in a makefile command you
	  must make sure that errors are trapped.  For
	  simple compound commands, such as changing directory and
	  then running a program, using <tt>&amp;&amp;</tt> rather
	  than semicolon as a command separator is sufficient.  For
	  more complex commands including most loops and
	  conditionals you should include a separate <tt>set -e</tt>
	  command at the start of every makefile command that's
	  actually one of these miniature shell scripts.
	</p>
      </sect>

      <sect id="timestamps">
	<heading>Time Stamps</heading>
	<p>
	  Maintainers should preserve the modification times of the
	  upstream source files in a package, as far as is reasonably
	  possible.<footnote>
	      The rationale is that there is some information conveyed
	      by knowing the age of the file, for example, you could
	      recognize that some documentation is very old by looking
	      at the modification time, so it would be nice if the
	      modification time of the upstream source would be
	      preserved.
	  </footnote>
	</p>
      </sect>

      <sect id="restrictions">
	<heading>Restrictions on objects in source packages</heading>

	<p>
	  The source package may not contain any hard links<footnote>
	    <p>
	      This is not currently detected when building source
	      packages, but only when extracting
	      them.
	    </p>
	    <p>
	      Hard links may be permitted at some point in the
	      future, but would require a fair amount of
	      work.
	    </p>
	  </footnote>, device special files, sockets or setuid or
	  setgid files.<footnote>
	      Setgid directories are allowed.
	  </footnote>
	</p>
      </sect>

      <sect id="debianrules">
	<heading>Main building script: <file>debian/rules</file></heading>

	<p>
	  This file must be an executable makefile, and contains the
	  package-specific recipes for compiling the package and
	  building binary package(s) from the source.
	</p>

	<p>
	  It must start with the line <tt>#!/usr/bin/make -f</tt>,
	  so that it can be invoked by saying its name rather than
	  invoking <prgn>make</prgn> explicitly. That is, invoking
          either of <tt>make -f debian/rules <em>args...</em></tt>
          or <tt>./debian/rules <em>args...</em></tt> must result in
          identical behavior.
	</p>

	<p>
	  The following targets are required and must be implemented
	  by <file>debian/rules</file>: <tt>clean</tt>, <tt>binary</tt>,
	  <tt>binary-arch</tt>, <tt>binary-indep</tt>, <tt>build</tt>,
	  <tt>build-arch</tt> and <tt>build-indep</tt>.
	  These are the targets called by <prgn>dpkg-buildpackage</prgn>.
	</p>

	<p>
	  Since an interactive <file>debian/rules</file> script makes it
	  impossible to auto-compile that package and also makes it hard
	  for other people to reproduce the same binary package, all
	  required targets must be non-interactive.  It also follows that
	  any target that these targets depend on must also be
	  non-interactive.
	</p>
	<p>
          For packages in the main archive, no required targets
          may attempt network access.
	</p>

	<p>
	  The targets are as follows:
	  <taglist>
	    <tag><tt>build</tt> (required)</tag>
	    <item>
	      <p>
		The <tt>build</tt> target should perform all the
		configuration and compilation of the package.
		If a package has an interactive pre-build
		configuration routine, the Debian source package
		must either be built after this has taken place (so
		that the binary package can be built without rerunning
		the configuration) or the configuration routine
		modified to become non-interactive.  (The latter is
		preferable if there are architecture-specific features
		detected by the configuration routine.)
	      </p>

	      <p>
		For some packages, notably ones where the same
		source tree is compiled in different ways to produce
		two binary packages, the <tt>build</tt> target
		does not make much sense.  For these packages it is
		good enough to provide two (or more) targets
		(<tt>build-a</tt> and <tt>build-b</tt> or whatever)
		for each of the ways of building the package, and a
		<tt>build</tt> target that does nothing.  The
		<tt>binary</tt> target will have to build the
		package in each of the possible ways and make the
		binary package out of each.
	      </p>

	      <p>
		The <tt>build</tt> target must not do anything
		that might require root privilege.
	      </p>

	      <p>
		The <tt>build</tt> target may need to run the
		<tt>clean</tt> target first - see below.
	      </p>

	      <p>
		When a package has a configuration and build routine
		which takes a long time, or when the makefiles are
		poorly designed, or when <tt>build</tt> needs to
		run <tt>clean</tt> first, it is a good idea to
		<tt>touch build</tt> when the build process is
		complete.  This will ensure that if <tt>debian/rules
		build</tt> is run again it will not rebuild the whole
		program.<footnote>
		    Another common way to do this is for <tt>build</tt>
		    to depend on <prgn>build-stamp</prgn> and to do
		    nothing else, and for the <prgn>build-stamp</prgn>
		    target to do the building and to <tt>touch
		    build-stamp</tt> on completion.  This is
		    especially useful if the build routine creates a
		    file or directory called <tt>build</tt>; in such a
		    case, <tt>build</tt> will need to be listed as
		    a phony target (i.e., as a dependency of the
		    <tt>.PHONY</tt> target).  See the documentation of
		    <prgn>make</prgn> for more information on phony
		    targets.
		</footnote>
	      </p>
	    </item>

	    <tag><tt>build-arch</tt> (required),
		 <tt>build-indep</tt> (required)
	    </tag>
	    <item>
	      <p>
		The <tt>build-arch</tt> target must
		perform all the configuration and compilation required for
		producing all architecture-dependant binary packages
		(those packages for which the body of the
		<tt>Architecture</tt> field in <tt>debian/control</tt> is
		not <tt>all</tt>).  Similarly, the <tt>build-indep</tt>
		target must perform all the configuration
		and compilation required for producing all
		architecture-independent binary packages (those packages
		for which the body of the <tt>Architecture</tt> field
		in <tt>debian/control</tt> is <tt>all</tt>).
		The <tt>build</tt> target
		should either depend on those targets or take the same
		actions as invoking those targets would perform.<footnote>
		  This split allows binary-only builds to not install the
		  dependencies required for the <tt>build-indep</tt>
		  target and skip any resource-intensive build tasks that
		  are only required when building architecture-independent
		  binary packages.
		</footnote>
	      </p>

	      <p>
		The <tt>build-arch</tt> and <tt>build-indep</tt> targets
		must not do anything that might require root privilege.
	      </p>
	    </item>

	    <tag><tt>binary</tt> (required), <tt>binary-arch</tt>
	      (required), <tt>binary-indep</tt> (required)
	    </tag>
	    <item>
	      <p>
		The <tt>binary</tt> target must be all that is
		necessary for the user to build the binary package(s)
		produced from this source package.  It is
		split into two parts: <prgn>binary-arch</prgn> builds
		the binary packages which are specific to a particular
		architecture, and <tt>binary-indep</tt> builds
		those which are not.
	      </p>
	      <p>
		<tt>binary</tt> may be (and commonly is) a target with
		no commands which simply depends on
		<tt>binary-arch</tt> and <tt>binary-indep</tt>.
	      </p>
	      <p>
		Both <tt>binary-*</tt> targets should depend on the
		<tt>build</tt> target, or on the appropriate
		<tt>build-arch</tt> or <tt>build-indep</tt> target, if
		provided, so that the package is built if it has not
		been already.  It should then create the relevant
		binary package(s), using <prgn>dpkg-gencontrol</prgn> to
		make their control files and <prgn>dpkg-deb</prgn> to
		build them and place them in the parent of the top
		level directory.
	      </p>

	      <p>
		Both the <tt>binary-arch</tt> and
		<tt>binary-indep</tt> targets <em>must</em> exist.
		If one of them has nothing to do (which will always be
		the case if the source generates only a single binary
		package, whether architecture-dependent or not), it
		must still exist and must always succeed.
	      </p>

	      <p>
		The <tt>binary</tt> targets must be invoked as
		root.<footnote>
		    The <prgn>fakeroot</prgn> package often allows one
		    to build a package correctly even without being
		    root.
		</footnote>
	      </p>
	    </item>

	    <tag><tt>clean</tt> (required)</tag>
	    <item>
	      <p>
		This must undo any effects that the <tt>build</tt>
		and <tt>binary</tt> targets may have had, except
		that it should leave alone any output files created in
		the parent directory by a run of a <tt>binary</tt>
		target.
	      </p>

	      <p>
		If a <tt>build</tt> file is touched at the end of
		the <tt>build</tt> target, as suggested above, it
		should be removed as the first action that
		<tt>clean</tt> performs, so that running
		<tt>build</tt> again after an interrupted
		<tt>clean</tt> doesn't think that everything is
		already done.
	      </p>

	      <p>
		The <tt>clean</tt> target may need to be
		invoked as root if <tt>binary</tt> has been
		invoked since the last <tt>clean</tt>, or if
		<tt>build</tt> has been invoked as root (since
		<tt>build</tt> may create directories, for
		example).
	      </p>
	    </item>

	    <tag><tt>get-orig-source</tt> (optional)</tag>
	    <item>
	      <p>
		This target fetches the most recent version of the
		original source package from a canonical archive site
		(via FTP or WWW, for example), does any necessary
		rearrangement to turn it into the original source
		tar file format described below, and leaves it in the
		current directory.
	      </p>

	      <p>
		This target may be invoked in any directory, and
		should take care to clean up any temporary files it
		may have left.
	      </p>

	      <p>
		This target is optional, but providing it if
		possible is a good idea.
	      </p>
	    </item>

	    <tag><tt>patch</tt> (optional)</tag>
	    <item>
	      <p>
		This target performs whatever additional actions are
		required to make the source ready for editing (unpacking
		additional upstream archives, applying patches, etc.).
		It is recommended to be implemented for any package where
		<tt>dpkg-source -x</tt> does not result in source ready
		for additional modification.  See
		<ref id="readmesource">.
	      </p>
	    </item>
	  </taglist>

	<p>
	  The <tt>build</tt>, <tt>binary</tt> and
	  <tt>clean</tt> targets must be invoked with the current
	  directory being the package's top-level directory.
	</p>


	<p>
	  Additional targets may exist in <file>debian/rules</file>,
	  either as published or undocumented interfaces or for the
	  package's internal use.
	</p>

	<p>
	  The architectures we build on and build for are determined
	  by <prgn>make</prgn> variables using the
	  utility <prgn>dpkg-architecture</prgn>.
	  You can determine the Debian architecture and the GNU style
	  architecture specification string for the build architecture as
	  well as for the host architecture.  The build architecture is
	  the architecture on which <file>debian/rules</file> is run and
	  the package build is performed.  The host architecture is the
	  architecture on which the resulting package will be installed
	  and run.  These are normally the same, but may be different in
	  the case of cross-compilation (building packages for one
	  architecture on machines of a different architecture).
	</p>

	<p>
	  Here is a list of supported <prgn>make</prgn> variables:
	  <list compact="compact">
	    <item>
		<tt>DEB_*_ARCH</tt> (the Debian architecture)
	    </item>
	    <item>
		<tt>DEB_*_ARCH_CPU</tt> (the Debian CPU name)
	    </item>
	    <item>
		<tt>DEB_*_ARCH_OS</tt> (the Debian System name)
	    </item>
	    <item>
		<tt>DEB_*_GNU_TYPE</tt> (the GNU style architecture
		specification string)
	    </item>
	    <item>
		<tt>DEB_*_GNU_CPU</tt> (the CPU part of
		<tt>DEB_*_GNU_TYPE</tt>)
	    </item>
	    <item>
		<tt>DEB_*_GNU_SYSTEM</tt> (the System part of
		<tt>DEB_*_GNU_TYPE</tt>)
	  </list>
	  where <tt>*</tt> is either <tt>BUILD</tt> for specification of
	  the build architecture or <tt>HOST</tt> for specification of the
	  host architecture.
	</p>

	<p>
	  Backward compatibility can be provided in the rules file
	  by setting the needed variables to suitable default
	  values; please refer to the documentation of
	  <prgn>dpkg-architecture</prgn> for details.
	</p>

	<p>
	  It is important to understand that the <tt>DEB_*_ARCH</tt>
	  string only determines which Debian architecture we are
	  building on or for. It should not be used to get the CPU
	  or system information; the <tt>DEB_*_ARCH_CPU</tt> and
	  <tt>DEB_*_ARCH_OS</tt> variables should be used for that.
	  GNU style variables should generally only be used with upstream
	  build systems.
	</p>

	<sect1 id="debianrules-options">
	  <heading><file>debian/rules</file> and
	    <tt>DEB_BUILD_OPTIONS</tt></heading>

	  <p>
	    Supporting the standardized environment variable
	    <tt>DEB_BUILD_OPTIONS</tt> is recommended.	This variable can
	    contain several flags to change how a package is compiled and
	    built.  Each flag must be in the form <var>flag</var> or
	    <var>flag</var>=<var>options</var>.	 If multiple flags are
	    given, they must be separated by whitespace.<footnote>
	      Some packages support any delimiter, but whitespace is the
	      easiest to parse inside a makefile and avoids ambiguity with
	      flag values that contain commas.
	    </footnote>
	    <var>flag</var> must start with a lowercase letter
	    (<tt>a-z</tt>) and consist only of lowercase letters,
	    numbers (<tt>0-9</tt>), and the characters
	    <tt>-</tt> and <tt>_</tt> (hyphen and underscore).
	    <var>options</var> must not contain whitespace.  The same
	    tag should not be given multiple times with conflicting
	    values.  Package maintainers may assume that
	    <tt>DEB_BUILD_OPTIONS</tt> will not contain conflicting tags.
	  </p>

	  <p>
	    The meaning of the following tags has been standardized:
	    <taglist>
	      <tag>nocheck</tag>
	      <item>
		  This tag says to not run any build-time test suite
		  provided by the package.
	      </item>
	      <tag>noopt</tag>
	      <item>
		  The presence of this tag means that the package should
		  be compiled with a minimum of optimization.  For C
		  programs, it is best to add <tt>-O0</tt> to
		  <tt>CFLAGS</tt> (although this is usually the default).
		  Some programs might fail to build or run at this level
		  of optimization; it may be necessary to use
		  <tt>-O1</tt>, for example.
	      </item>
	      <tag>nostrip</tag>
	      <item>
		  This tag means that the debugging symbols should not be
		  stripped from the binary during installation, so that
		  debugging information may be included in the package.
	      </item>
	      <tag>parallel=n</tag>
	      <item>
		  This tag means that the package should be built using up
		  to <tt>n</tt> parallel processes if the package build
		  system supports this.<footnote>
		      Packages built with <tt>make</tt> can often implement
		      this by passing the <tt>-j</tt><var>n</var> option to
		      <tt>make</tt>.
		  </footnote>
		  If the package build system does not support parallel
		  builds, this string must be ignored.  If the package
		  build system only supports a lower level of concurrency
		  than <var>n</var>, the package should be built using as
		  many parallel processes as the package build system
		  supports.  It is up to the package maintainer to decide
		  whether the package build times are long enough and the
		  package build system is robust enough to make supporting
		  parallel builds worthwhile.
	       </item>
	    </taglist>
	  </p>

	  <p>
	    Unknown flags must be ignored by <file>debian/rules</file>.
	  </p>

	  <p>
	    The following makefile snippet is an example of how one may
	    implement the build options; you will probably have to
	    massage this example in order to make it work for your
	    package.
	    <example compact="compact">
CFLAGS = -Wall -g
INSTALL = install
INSTALL_FILE    = $(INSTALL) -p    -o root -g root  -m  644
INSTALL_PROGRAM = $(INSTALL) -p    -o root -g root  -m  755
INSTALL_SCRIPT  = $(INSTALL) -p    -o root -g root  -m  755
INSTALL_DIR     = $(INSTALL) -p -d -o root -g root  -m  755

ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
    CFLAGS += -O0
else
    CFLAGS += -O2
endif
ifeq (,$(filter nostrip,$(DEB_BUILD_OPTIONS)))
    INSTALL_PROGRAM += -s
endif
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
    NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
    MAKEFLAGS += -j$(NUMJOBS)
endif

build:
	# ...
ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
	# Code to run the package test suite.
endif
	    </example>
	  </p>
	</sect1>
      </sect>

<!-- FIXME: section pkg-srcsubstvars is the same as substvars -->
      <sect id="substvars">
	<heading>Variable substitutions: <file>debian/substvars</file></heading>

	<p>
	  When <prgn>dpkg-gencontrol</prgn>
	  generates <qref id="binarycontrolfiles">binary package control
	  files</qref> (<file>DEBIAN/control</file>), it performs variable
	  substitutions on its output just before writing it.  Variable
	  substitutions have the form <tt>${<var>variable</var>}</tt>.
	  The optional file <file>debian/substvars</file> contains
	  variable substitutions to be used; variables can also be set
	  directly from <file>debian/rules</file> using the <tt>-V</tt>
	  option to the source packaging commands, and certain predefined
	  variables are also available.
	</p>

	<p>
	  The <file>debian/substvars</file> file is usually generated and
	  modified dynamically by <file>debian/rules</file> targets, in
	  which case it must be removed by the <tt>clean</tt> target.
	</p>

	<p>
	  See <manref name="deb-substvars" section="5"> for full
	  details about source variable substitutions, including the
	  format of <file>debian/substvars</file>.</p>
      </sect>

      <sect id="debianwatch">
        <heading>Optional upstream source location: <file>debian/watch</file></heading>

        <p>
          This is an optional, recommended configuration file for the
          <tt>uscan</tt> utility which defines how to automatically scan
          ftp or http sites for newly available updates of the
          package. This is used Debian QA
          tools to help with quality control and maintenance of the
          distribution as a whole.
        </p>

      </sect>

      <sect id="debianfiles">
	<heading>Generated files list: <file>debian/files</file></heading>

	<p>
	  This file is not a permanent part of the source tree; it
	  is used while building packages to record which files are
	  being generated.  <prgn>dpkg-genchanges</prgn> uses it
	  when it generates a <file>.changes</file> file.
	</p>

	<p>
	  It should not exist in a shipped source package, and so it
	  (and any backup files or temporary files such as
	  <file>files.new</file><footnote>
	      <file>files.new</file> is used as a temporary file by
	      <prgn>dpkg-gencontrol</prgn> and
	      <prgn>dpkg-distaddfile</prgn> - they write a new
	      version of <tt>files</tt> here before renaming it,
	      to avoid leaving a corrupted copy if an error
	      occurs.
	  </footnote>) should be removed by the
	  <tt>clean</tt> target.  It may also be wise to
	  ensure a fresh start by emptying or removing it at the
	  start of the <tt>binary</tt> target.
	</p>

	<p>
	  When <prgn>dpkg-gencontrol</prgn> is run for a binary
	  package, it adds an entry to <file>debian/files</file> for the
	  <file>.deb</file> file that will be created when <tt>dpkg-deb
	  --build</tt> is run for that binary package.  So for most
	  packages all that needs to be done with this file is to
	  delete it in the <tt>clean</tt> target.
	</p>

	<p>
	  If a package upload includes files besides the source
	  package and any binary packages whose control files were
	  made with <prgn>dpkg-gencontrol</prgn> then they should be
	  placed in the parent of the package's top-level directory
	  and <prgn>dpkg-distaddfile</prgn> should be called to add
	  the file to the list in <file>debian/files</file>.</p>
      </sect>

      <sect id="embeddedfiles">
	<heading>Convenience copies of code</heading>

	<p>
	  Some software packages include in their distribution convenience
	  copies of code from other software packages, generally so that
	  users compiling from source don't have to download multiple
	  packages.  Debian packages should not make use of these
	  convenience copies unless the included package is explicitly
	  intended to be used in this way.<footnote>
	    For example, parts of the GNU build system work like this.
	  </footnote>
	  If the included code is already in the Debian archive in the
	  form of a library, the Debian packaging should ensure that
	  binary packages reference the libraries already in Debian and
	  the convenience copy is not used.  If the included code is not
	  already in Debian, it should be packaged separately as a
	  prerequisite if possible.
	  <footnote>
	    Having multiple copies of the same code in Debian is
	    inefficient, often creates either static linking or shared
	    library conflicts, and, most importantly, increases the
	    difficulty of handling security vulnerabilities in the
	    duplicated code.
	  </footnote>
	</p>
      </sect>

      <sect id="readmesource">
	<heading>Source package handling:
	  <file>debian/README.source</file></heading>

	<p>
	  If running <prgn>dpkg-source -x</prgn> on a source package
	  doesn't produce the source of the package, ready for editing,
	  and allow one to make changes and run
	  <prgn>dpkg-buildpackage</prgn> to produce a modified package
	  without taking any additional steps, creating a
	  <file>debian/README.source</file> documentation file is
	  recommended.  This file should explain how to do all of the
	  following:
	    <enumlist>
	      <item>Generate the fully patched source, in a form ready for
	      editing, that would be built to create Debian
	      packages.  Doing this with a <tt>patch</tt> target in
	      <file>debian/rules</file> is recommended; see
	      <ref id="debianrules">.</item>
	      <item>Modify the source and save those modifications so that
	      they will be applied when building the package.</item>
	      <item>Remove source modifications that are currently being
	      applied when building the package.</item>
	      <item>Optionally, document what steps are necessary to
	      upgrade the Debian source package to a new upstream version,
	      if applicable.</item>
	    </enumlist>
	  This explanation should include specific commands and mention
	  any additional required Debian packages.  It should not assume
	  familiarity with any specific Debian packaging system or patch
	  management tools.
	</p>

	<p>
	  This explanation may refer to a documentation file installed by
	  one of the package's build dependencies provided that the
	  referenced documentation clearly explains these tasks and is not
	  a general reference manual.
	</p>

	<p>
	  <file>debian/README.source</file> may also include any other
	  information that would be helpful to someone modifying the
	  source package.  Even if the package doesn't fit the above
	  description, maintainers are encouraged to document in a
	  <file>debian/README.source</file> file any source package with a
	  particularly complex or unintuitive source layout or build
	  system (for example, a package that builds the same source
	  multiple times to generate different binary packages).
	</p>
      </sect>
    </chapt>


    <chapt id="controlfields">
      <heading>Control files and their fields</heading>

      <p>
	The package management system manipulates data represented in
	a common format, known as <em>control data</em>, stored in
	<em>control files</em>.
	Control files are used for source packages, binary packages and
	the <file>.changes</file> files which control the installation
	of uploaded files<footnote>
	    <prgn>dpkg</prgn>'s internal databases are in a similar
	    format.
	</footnote>.
      </p>

      <sect id="controlsyntax">
	<heading>Syntax of control files</heading>

	<p>
	  A control file consists of one or more paragraphs of
	  fields<footnote>
		The paragraphs are also sometimes referred to as stanzas.
	  </footnote>.
	  The paragraphs are separated by empty lines.  Parsers may accept
	  lines consisting solely of spaces and tabs as paragraph
	  separators, but control files should use empty lines.  Some control
	  files allow only one paragraph; others allow several, in
	  which case each paragraph usually refers to a different
	  package.  (For example, in source packages, the first
	  paragraph refers to the source package, and later paragraphs
	  refer to binary packages generated from the source.)  The
	  ordering of the paragraphs in control files is significant.
	</p>

	<p>
	  Each paragraph consists of a series of data fields.  Each field
	  consists of the field name followed by a colon and then the
	  data/value associated with that field.  The field name is
	  composed of US-ASCII characters excluding control characters,
	  space, and colon (i.e., characters in the ranges 33-57 and
	  59-126, inclusive).  Field names must not begin with the comment
	  character, <tt>#</tt>, nor with the hyphen character, <tt>-</tt>.
	</p>

	<p>
	  The field ends at the end of the line or at the end of the last
	  continuation line (see below).  Horizontal whitespace (spaces
	  and tabs) may occur immediately before or after the value and is
	  ignored there; it is conventional to put a single space after
	  the colon.  For example, a field might be:
	  <example compact="compact">
Package: libc6
	  </example>
	  the field name is <tt>Package</tt> and the field value
	  <tt>libc6</tt>.
	</p>
        <p> Empty field values are only permitted in source package control files
	  (<file>debian/control</file>). Such fields are ignored.
        </p>
	<p>
	  A paragraph must not contain more than one instance of a
	  particular field name.
	</p>

	<p>
	  There are three types of fields:
	  <taglist>
	    <tag>simple</tag>
	    <item>
	      The field, including its value, must be a single line.  Folding
	      of the field is not permitted.  This is the default field type
	      if the definition of the field does not specify a different
	      type.
	    </item>
	    <tag>folded</tag>
	    <item>
	      The value of a folded field is a logical line that may span
	      several lines.  The lines after the first are called
	      continuation lines and must start with a space or a tab.
	      Whitespace, including any newlines, is not significant in the
	      field values of folded fields.<footnote>
	        This folding method is similar to RFC 5322, allowing control
	        files that contain only one paragraph and no multiline fields
	        to be read by parsers written for RFC 5322.
	      </footnote>
	    </item>
	    <tag>multiline</tag>
	    <item>
	      The value of a multiline field may comprise multiple continuation
	      lines.  The first line of the value, the part on the same line as
	      the field name, often has special significance or may have to be
	      empty.  Other lines are added following the same syntax as the
	      continuation lines of the folded fields.  Whitespace, including newlines,
	      is significant in the values of multiline fields.
	    </item>
	  </taglist>
	</p>

	<p>
	  Whitespace must not appear
          inside names (of packages, architectures, files or anything
          else) or version numbers, or between the characters of
          multi-character version relationships.
	</p>

	<p>
	  The presence and purpose of a field, and the syntax of its
	  value may differ between types of control files.
	</p>

	<p>
	  Field names are not case-sensitive, but it is usual to
	  capitalize the field names using mixed case as shown below.
	  Field values are case-sensitive unless the description of the
	  field says otherwise.
	</p>

	<p>
	  Paragraph separators (empty lines) and lines consisting only of
	  spaces and tabs are not allowed within field values or between
	  fields.  Empty lines in field values are usually escaped by
	  representing them by a space followed by a dot.
	</p>

	<p>
	  Lines starting with # without any preceding whitespace are comments
	  lines that are only permitted in source package control files
	  (<file>debian/control</file>).  These comment lines are ignored, even
	  between two continuation lines.  They do not end logical lines.
	</p>

	<p>
	  All control files must be encoded in UTF-8.
	</p>
      </sect>

      <sect id="sourcecontrolfiles">
	<heading>Source package control files -- <file>debian/control</file></heading>

	<p>
	  The <file>debian/control</file> file contains the most vital
	  (and version-independent) information about the source package
	  and about the binary packages it creates.
	</p>

	<p>
	  The first paragraph of the control file contains information about
	  the source package in general. The subsequent sets each describe a
	  binary package that the source tree builds.
	</p>

	<p>
	  The fields in the general paragraph (the first one, for the source
	  package) are:

	  <list compact="compact">
	    <item><qref id="f-Source"><tt>Source</tt></qref> (mandatory)</item>
	    <item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
	    <item><qref id="f-Uploaders"><tt>Uploaders</tt></qref></item>
	    <item><qref id="f-Section"><tt>Section</tt></qref> (recommended)</item>
	    <item><qref id="f-Priority"><tt>Priority</tt></qref> (recommended)</item>
	    <item><qref id="sourcebinarydeps"><tt>Build-Depends</tt> et al</qref></item>
	    <item><qref id="f-Standards-Version"><tt>Standards-Version</tt></qref> (recommended)</item>
	    <item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
	    <item><qref id="f-VCS-fields"><tt>Vcs-Browser</tt>, <tt>Vcs-Git</tt>, et al.</qref></item>
	  </list>
	</p>

	<p>
	  The fields in the binary package paragraphs are:

	  <list compact="compact">
	    <item><qref id="f-Package"><tt>Package</tt></qref> (mandatory)</item>
	    <item><qref id="f-Architecture"><tt>Architecture</tt></qref> (mandatory)</item>
	    <item><qref id="f-Section"><tt>Section</tt></qref> (recommended)</item>
	    <item><qref id="f-Priority"><tt>Priority</tt></qref> (recommended)</item>
	    <item><qref id="f-Essential"><tt>Essential</tt></qref></item>
	    <item><qref id="binarydeps"><tt>Depends</tt> et al</qref></item>
	    <item><qref id="f-Description"><tt>Description</tt></qref> (mandatory)</item>
	    <item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
	    <item><qref id="built-using"><tt>Built-Using</tt></qref></item>
	    <item><qref id="f-Package-Type"><tt>Package-Type</tt></qref></item>
	  </list>
	</p>

	<p>
	  The syntax and semantics of the fields are described below.
	</p>

	<p>
	  These fields are used by <prgn>dpkg-gencontrol</prgn> to
	  generate control files for binary packages (see below), by
	  <prgn>dpkg-genchanges</prgn> to generate the
	  <file>.changes</file> file to accompany the upload, and by
	  <prgn>dpkg-source</prgn> when it creates the
	  <file>.dsc</file> source control file as part of a source
	  archive.  Some fields are folded in <file>debian/control</file>,
	  but not in any other control
	  file. These tools are responsible for removing the line
	  breaks from such fields when using fields from
	  <file>debian/control</file> to generate other control files.
	  They are also responsible for discarding empty fields.
	</p>

	<p>
	  The fields here may contain variable references - their
	  values will be substituted by <prgn>dpkg-gencontrol</prgn>,
	  <prgn>dpkg-genchanges</prgn> or <prgn>dpkg-source</prgn>
	  when they generate output control files.
	  See <ref id="substvars"> for details.
	</p>
      </sect>

      <sect id="binarycontrolfiles">
	<heading>Binary package control files -- <file>DEBIAN/control</file></heading>

	<p>
	  The <file>DEBIAN/control</file> file contains the most vital
	  (and version-dependent) information about a binary package.  It
	  consists of a single paragraph.
	</p>

	<p>
	  The fields in this file are:

	  <list compact="compact">
	    <item><qref id="f-Package"><tt>Package</tt></qref> (mandatory)</item>
	    <item><qref id="f-Source"><tt>Source</tt></qref></item>
	    <item><qref id="f-Version"><tt>Version</tt></qref> (mandatory)</item>
	    <item><qref id="f-Section"><tt>Section</tt></qref> (recommended)</item>
	    <item><qref id="f-Priority"><tt>Priority</tt></qref> (recommended)</item>
	    <item><qref id="f-Architecture"><tt>Architecture</tt></qref> (mandatory)</item>
	    <item><qref id="f-Essential"><tt>Essential</tt></qref></item>
	    <item><qref id="binarydeps"><tt>Depends</tt> et al</qref></item>
	    <item><qref id="f-Installed-Size"><tt>Installed-Size</tt></qref></item>
	    <item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
	    <item><qref id="f-Description"><tt>Description</tt></qref> (mandatory)</item>
	    <item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
	    <item><qref id="built-using"><tt>Built-Using</tt></qref></item>
	  </list>
	</p>
      </sect>

      <sect id="debiansourcecontrolfiles">
	<heading>Debian source control files -- <tt>.dsc</tt></heading>

	<p>
	  This file consists of a single paragraph, possibly surrounded by
	  a PGP signature. The fields of that paragraph are listed below.
	  Their syntax is described above, in <ref id="controlsyntax">.

	<list compact="compact">
	  <item><qref id="f-Format"><tt>Format</tt></qref> (mandatory)</item>
	  <item><qref id="f-Source"><tt>Source</tt></qref> (mandatory)</item>
	  <item><qref id="f-Binary"><tt>Binary</tt></qref></item>
	  <item><qref id="f-Architecture"><tt>Architecture</tt></qref></item>
	  <item><qref id="f-Version"><tt>Version</tt></qref> (mandatory)</item>
	  <item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
	  <item><qref id="f-Uploaders"><tt>Uploaders</tt></qref></item>
	  <item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
	  <item><qref id="f-VCS-fields"><tt>Vcs-Browser</tt>, <tt>Vcs-Git</tt>, et al.</qref></item>
	  <item><qref id="f-Dgit"><tt>Dgit</tt></qref></item>
	  <item><qref id="f-Standards-Version"><tt>Standards-Version</tt></qref> (recommended)</item>
	  <item><qref id="sourcebinarydeps"><tt>Build-Depends</tt> et al</qref></item>
	  <item><qref id="f-Package-List"><tt>Package-List</tt></qref> (recommended)</item>
	  <item><qref id="f-Checksums"><tt>Checksums-Sha1</tt>
	      and <tt>Checksums-Sha256</tt></qref> (mandatory)</item>
	  <item><qref id="f-Files"><tt>Files</tt></qref> (mandatory)</item>
	</list>
	</p>

	<p>
	  The Debian source control file is generated by
	  <prgn>dpkg-source</prgn> when it builds the source
	  archive, from other files in the source package,
	  described above.  When unpacking, it is checked against
	  the files and directories in the other parts of the
	  source package.
	</p>

      </sect>

      <sect id="debianchangesfiles">
	<heading>Debian changes files -- <file>.changes</file></heading>

	<p>
	  The <file>.changes</file> files are used by the Debian archive
	  maintenance software to process updates to packages. They
	  consist of a single paragraph, possibly surrounded by a PGP
	  signature. That paragraph contains information from the
	  <file>debian/control</file> file and other data about the
	  source package gathered via <file>debian/changelog</file>
	  and <file>debian/rules</file>.
	</p>

	<p>
	  <file>.changes</file> files have a format version that is
	  incremented whenever the documented fields or their meaning
	  change.  This document describes format &changesversion;.
	</p>

	<p>
	  The fields in this file are:

	  <list compact="compact">
	    <item><qref id="f-Format"><tt>Format</tt></qref> (mandatory)</item>
	    <item><qref id="f-Date"><tt>Date</tt></qref> (mandatory)</item>
	    <item><qref id="f-Source"><tt>Source</tt></qref> (mandatory)</item>
	    <item><qref id="f-Binary"><tt>Binary</tt></qref> (mandatory)</item>
	    <item><qref id="f-Architecture"><tt>Architecture</tt></qref> (mandatory)</item>
	    <item><qref id="f-Version"><tt>Version</tt></qref> (mandatory)</item>
	    <item><qref id="f-Distribution"><tt>Distribution</tt></qref> (mandatory)</item>
	    <item><qref id="f-Urgency"><tt>Urgency</tt></qref> (recommended)</item>
	    <item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
	    <item><qref id="f-Changed-By"><tt>Changed-By</tt></qref></item>
	    <item><qref id="f-Description"><tt>Description</tt></qref> (mandatory)</item>
	    <item><qref id="f-Closes"><tt>Closes</tt></qref></item>
	    <item><qref id="f-Changes"><tt>Changes</tt></qref> (mandatory)</item>
	    <item><qref id="f-Checksums"><tt>Checksums-Sha1</tt>
		and <tt>Checksums-Sha256</tt></qref> (mandatory)</item>
	    <item><qref id="f-Files"><tt>Files</tt></qref> (mandatory)</item>
	  </list>
	</p>
      </sect>

      <sect id="controlfieldslist">
	<heading>List of fields</heading>

	<sect1 id="f-Source">
	  <heading><tt>Source</tt></heading>

	  <p>
	    This field identifies the source package name.
	  </p>

	  <p>
	    In <file>debian/control</file> or a <file>.dsc</file> file,
	    this field must contain only the name of the source package.
	  </p>

	  <p>
	    In a binary package control file or a <file>.changes</file>
	    file, the source package name may be followed by a version
	    number in parentheses<footnote>
		It is customary to leave a space after the package name
		if a version number is specified.
	    </footnote>.
	    This version number may be omitted (and is, by
	    <prgn>dpkg-gencontrol</prgn>) if it has the same value as
	    the <tt>Version</tt> field of the binary package in
	    question.  The field itself may be omitted from a binary
	    package control file when the source package has the same
	    name and version as the binary package.
	  </p>

	  <p>
	    Package names (both source and binary,
	    see <ref id="f-Package">) must consist only of lower case
	    letters (<tt>a-z</tt>), digits (<tt>0-9</tt>), plus
	    (<tt>+</tt>) and minus (<tt>-</tt>) signs, and periods
	    (<tt>.</tt>).  They must be at least two characters long and
	    must start with an alphanumeric character.
	  </p>
	</sect1>

	<sect1 id="f-Maintainer">
	  <heading><tt>Maintainer</tt></heading>

	  <p>
	    The package maintainer's name and email address.  The name
	    must come first, then the email address inside angle
	    brackets <tt>&lt;&gt;</tt> (in RFC822 format).
	  </p>

	  <p>
	    If the maintainer's name contains a full stop then the
	    whole field will not work directly as an email address due
	    to a misfeature in the syntax specified in RFC822; a
	    program using this field as an address must check for this
	    and correct the problem if necessary (for example by
	    putting the name in round brackets and moving it to the
	    end, and bringing the email address forward).
	  </p>

	  <p>
	    See <ref id="maintainer"> for additional requirements and
	    information about package maintainers.
	  </p>
	</sect1>

	<sect1 id="f-Uploaders">
          <heading><tt>Uploaders</tt></heading>

	  <p>
	    List of the names and email addresses of co-maintainers of the
	    package, if any. If the package has other maintainers besides
	    the one named in the <qref id="f-Maintainer">Maintainer
	    field</qref>, their names and email addresses should be listed
	    here. The format of each entry is the same as that of the
	    Maintainer field, and multiple entries must be comma
	    separated.
	  </p>

	  <p>
	    This is normally an optional field, but if
	    the <tt>Maintainer</tt> control field names a group of people
	    and a shared email address, the <tt>Uploaders</tt> field must
	    be present and must contain at least one human with their
	    personal email address.
	  </p>

	  <p>
	    The Uploaders field in <file>debian/control</file> can be folded.
	  </p>
 	</sect1>

	<sect1 id="f-Changed-By">
	  <heading><tt>Changed-By</tt></heading>

	  <p>
	    The name and email address of the person who prepared this
	    version of the package, usually a maintainer.  The syntax is
	    the same as for the <qref id="f-Maintainer">Maintainer
	    field</qref>.
	  </p>
	</sect1>

	<sect1 id="f-Section">
	  <heading><tt>Section</tt></heading>

	  <p>
	    This field specifies an application area into which the package
	    has been classified. See <ref id="subsections">.
	  </p>

	  <p>
	    When it appears in the <file>debian/control</file> file,
	    it gives the value for the subfield of the same name in
	    the <tt>Files</tt> field of the <file>.changes</file> file.
	    It also gives the default for the same field in the binary
	    packages.
	  </p>
	</sect1>

	<sect1 id="f-Priority">
	  <heading><tt>Priority</tt></heading>

	  <p>
	    This field represents how important it is that the user
	    have the package installed. See <ref id="priorities">.
	  </p>

	  <p>
	    When it appears in the <file>debian/control</file> file,
	    it gives the value for the subfield of the same name in
	    the <tt>Files</tt> field of the <file>.changes</file> file.
	    It also gives the default for the same field in the binary
	    packages.
	  </p>
	</sect1>

	<sect1 id="f-Package">
	  <heading><tt>Package</tt></heading>

	  <p>
	    The name of the binary package.
	  </p>

	  <p>
	    Binary package names must follow the same syntax and
	    restrictions as source package names.  See <ref id="f-Source">
	    for the details.
	  </p>
	</sect1>

	<sect1 id="f-Architecture">
	  <heading><tt>Architecture</tt></heading>

	  <p>
	    Depending on context and the control file used, the
	    <tt>Architecture</tt> field can include the following sets of
	    values:
	    <list>
		<item>
		  A unique single word identifying a Debian machine
		  architecture as described in <ref id="arch-spec">.
		</item>
		<item>
		  An architecture wildcard identifying a set of Debian
		  machine architectures, see <ref id="arch-wildcard-spec">.
		  <tt>any</tt> matches all Debian machine architectures
		  and is the most frequently used.
		</item>
		<item>
		  <tt>all</tt>, which indicates an
		  architecture-independent package.
		</item>
		<item>
		  <tt>source</tt>, which indicates a source package.
		</item>
	    </list>
	  </p>

	  <p>
	    In the main <file>debian/control</file> file in the source
	    package, this field may contain the special
	    value <tt>all</tt>, the special architecture
	    wildcard <tt>any</tt>, or a list of specific and wildcard
	    architectures separated by spaces.  If <tt>all</tt>
	    or <tt>any</tt> appears, that value must be the entire
	    contents of the field.  Most packages will use
	    either <tt>all</tt> or <tt>any</tt>.
	  </p>

	  <p>
	    Specifying a specific list of architectures indicates that the
	    source will build an architecture-dependent package only on
	    architectures included in the list.  Specifying a list of
	    architecture wildcards indicates that the source will build an
	    architecture-dependent package on only those architectures
	    that match any of the specified architecture wildcards.
	    Specifying a list of architectures or architecture wildcards
	    other than <tt>any</tt> is for the minority of cases where a
	    program is not portable or is not useful on some
	    architectures.  Where possible, the program should be made
	    portable instead.
	  </p>

	  <p>
	    In the Debian source control file <file>.dsc</file>, this
	    field contains a list of architectures and architecture
	    wildcards separated by spaces. When the list contains the
	    architecture wildcard <tt>any</tt>, the only other value
	    allowed in the list is <tt>all</tt>.
	  </p>

	  <p>
	    The list may include (or consist solely of) the special
	    value <tt>all</tt>.  In other words, in <file>.dsc</file>
	    files unlike the <file>debian/control</file>, <tt>all</tt> may
	    occur in combination with specific architectures.
	    The <tt>Architecture</tt> field in the Debian source control
	    file <file>.dsc</file> is generally constructed from
	    the <tt>Architecture</tt> fields in
	    the <file>debian/control</file> in the source package.
	  </p>

	  <p>
	    Specifying only <tt>any</tt> indicates that the source package
	    isn't dependent on any particular architecture and should
	    compile fine on any one. The produced binary package(s)
	    will be specific to whatever the current build architecture is.
	  </p>

	  <p>
	    Specifying only <tt>all</tt> indicates that the source package
	    will only build architecture-independent packages.
	  </p>

	  <p>
	    Specifying <tt>any all</tt> indicates that the source package
	    isn't dependent on any particular architecture. The set of
	    produced binary packages will include at least one
	    architecture-dependant package and one architecture-independent
	    package.
	  </p>

	  <p>
	    Specifying a list of architectures or architecture wildcards
	    indicates that the source will build an architecture-dependent
	    package, and will only work correctly on the listed or
	    matching architectures.  If the source package also builds at
	    least one architecture-independent package, <tt>all</tt> will
	    also be included in the list.
	  </p>

	  <p>
	    In a <file>.changes</file> file, the <tt>Architecture</tt>
	    field lists the architecture(s) of the package(s) currently
	    being uploaded.  This will be a list; if the source for the
	    package is also being uploaded, the special
	    entry <tt>source</tt> is also present.  <tt>all</tt> will be
	    present if any architecture-independent packages are being
	    uploaded.  Architecture wildcards such as <tt>any</tt> must
	    never occur in the <tt>Architecture</tt> field in
	    the <file>.changes</file> file.
	  </p>

	  <p>
	    See <ref id="debianrules"> for information on how to get
	    the architecture for the build process.
	  </p>
	</sect1>

	<sect1 id="f-Essential">
	  <heading><tt>Essential</tt></heading>

	  <p>
	    This is a boolean field which may occur only in the
	    control file of a binary package or in a per-package fields
	    paragraph of a source package control file.
	  </p>

	  <p>
	    If set to <tt>yes</tt> then the package management system
	    will refuse to remove the package (upgrading and replacing
	    it is still possible). The other possible value is <tt>no</tt>,
	    which is the same as not having the field at all.
	  </p>
	</sect1>

	<sect1>
	  <heading>Package interrelationship fields:
	    <tt>Depends</tt>, <tt>Pre-Depends</tt>,
	    <tt>Recommends</tt>, <tt>Suggests</tt>,
	    <tt>Breaks</tt>, <tt>Conflicts</tt>,
	    <tt>Provides</tt>, <tt>Replaces</tt>, <tt>Enhances</tt>
	  </heading>

	  <p>
	    These fields describe the package's relationships with
	    other packages.  Their syntax and semantics are described
	    in <ref id="relationships">.</p>
	</sect1>

	<sect1 id="f-Standards-Version">
	  <heading><tt>Standards-Version</tt></heading>

	  <p>
            The most recent version of the standards (the policy
	    manual and associated texts) with which the package
	    complies.
	  </p>

	  <p>
	    The version number has four components: major and minor
	    version number and major and minor patch level.  When the
	    standards change in a way that requires every package to
	    change the major number will be changed.  Significant
	    changes that will require work in many packages will be
	    signaled by a change to the minor number.  The major patch
	    level will be changed for any change to the meaning of the
	    standards, however small; the minor patch level will be
	    changed when only cosmetic, typographical or other edits
	    are made which neither change the meaning of the document
	    nor affect the contents of packages.
	  </p>

	  <p>
	    Thus only the first three components of the policy version
	    are significant in the <em>Standards-Version</em> control
	    field, and so either these three components or all four
	    components may be specified.<footnote>
	  	In the past, people specified the full version number
	  	in the Standards-Version field, for example "2.3.0.0".
	  	Since minor patch-level changes don't introduce new
	  	policy, it was thought it would be better to relax
	  	policy and only require the first 3 components to be
	  	specified, in this example "2.3.0".  All four
	  	components may still be used if someone wishes to do so.
	    </footnote>
	  </p>

	</sect1>

	<sect1 id="f-Version">
	  <heading><tt>Version</tt></heading>

	  <p>
	    The version number of a package. The format is:
	    [<var>epoch</var><tt>:</tt>]<var>upstream_version</var>[<tt>-</tt><var>debian_revision</var>]
	  </p>

	  <p>
	    The three components here are:
	    <taglist>
	      <tag><var>epoch</var></tag>
	      <item>
	        <p>
	          This is a single (generally small) unsigned integer.  It
	          may be omitted, in which case zero is assumed.  If it is
	          omitted then the <var>upstream_version</var> may not
	          contain any colons.
	        </p>

	        <p>
	          It is provided to allow mistakes in the version numbers
	          of older versions of a package, and also a package's
	          previous version numbering schemes, to be left behind.
	        </p>
	      </item>

	      <tag><var>upstream_version</var></tag>
	      <item>
	        <p>
	          This is the main part of the version number.  It is
	          usually the version number of the original ("upstream")
	          package from which the <file>.deb</file> file has been made,
	          if this is applicable.  Usually this will be in the same
	          format as that specified by the upstream author(s);
	          however, it may need to be reformatted to fit into the
	          package management system's format and comparison
	          scheme.
	        </p>

	        <p>
	          The comparison behavior of the package management system
	          with respect to the <var>upstream_version</var> is
	          described below.  The <var>upstream_version</var>
	          portion of the version number is mandatory.
	        </p>

	        <p>
	          The <var>upstream_version</var> may contain only
	          alphanumerics<footnote>
			Alphanumerics are <tt>A-Za-z0-9</tt> only.
	          </footnote>
	          and the characters <tt>.</tt> <tt>+</tt> <tt>-</tt>
	          <tt>:</tt> <tt>~</tt> (full stop, plus, hyphen, colon,
	          tilde) and should start with a digit.  If there is no
	          <var>debian_revision</var> then hyphens are not allowed;
	          if there is no <var>epoch</var> then colons are not
	          allowed.
		</p>
	      </item>

	      <tag><var>debian_revision</var></tag>
	      <item>
	        <p>
	          This part of the version number specifies the version of
	          the Debian package based on the upstream version.  It
	          may contain only alphanumerics and the characters
	          <tt>+</tt> <tt>.</tt> <tt>~</tt> (plus, full stop,
	          tilde) and is compared in the same way as the
	          <var>upstream_version</var> is.
	        </p>

	        <p>
	          It is optional; if it isn't present then the
	          <var>upstream_version</var> may not contain a hyphen.
	          This format represents the case where a piece of
	          software was written specifically to be a Debian
	          package, where the Debian package source must always
	          be identical to the pristine source and therefore no
	          revision indication is required.
	        </p>

	        <p>
	          It is conventional to restart the
	          <var>debian_revision</var> at <tt>1</tt> each time the
	          <var>upstream_version</var> is increased.
	        </p>

	        <p>
	          The package management system will break the version
	          number apart at the last hyphen in the string (if there
	          is one) to determine the <var>upstream_version</var> and
	          <var>debian_revision</var>.  The absence of a
	          <var>debian_revision</var> is equivalent to a
	          <var>debian_revision</var> of <tt>0</tt>.
	        </p>
	      </item>
	    </taglist>
	  </p>

	  <p>
	    When comparing two version numbers, first the <var>epoch</var>
	    of each are compared, then the <var>upstream_version</var> if
	    <var>epoch</var> is equal, and then <var>debian_revision</var>
	    if <var>upstream_version</var> is also equal.
	    <var>epoch</var> is compared numerically.  The
	    <var>upstream_version</var> and <var>debian_revision</var>
	    parts are compared by the package management system using the
	    following algorithm:
	  </p>

	  <p>
	    The strings are compared from left to right.
	  </p>

	  <p>
	    First the initial part of each string consisting entirely of
	    non-digit characters is determined.  These two parts (one of
	    which may be empty) are compared lexically.  If a difference
	    is found it is returned.  The lexical comparison is a
	    comparison of ASCII values modified so that all the letters
	    sort earlier than all the non-letters and so that a tilde
	    sorts before anything, even the end of a part.  For example,
	    the following parts are in sorted order from earliest to
	    latest: <tt>~~</tt>, <tt>~~a</tt>, <tt>~</tt>, the empty part,
	    <tt>a</tt>.<footnote>
	      One common use of <tt>~</tt> is for upstream pre-releases.
	      For example, <tt>1.0~beta1~svn1245</tt> sorts earlier than
	      <tt>1.0~beta1</tt>, which sorts earlier than <tt>1.0</tt>.
	    </footnote>
	  </p>

	  <p>
	    Then the initial part of the remainder of each string which
	    consists entirely of digit characters is determined.  The
	    numerical values of these two parts are compared, and any
	    difference found is returned as the result of the comparison.
	    For these purposes an empty string (which can only occur at
	    the end of one or both version strings being compared) counts
	    as zero.
	  </p>

	  <p>
	    These two steps (comparing and removing initial non-digit
	    strings and initial digit strings) are repeated until a
	    difference is found or both strings are exhausted.
	  </p>

	  <p>
	    Note that the purpose of epochs is to allow us to leave behind
	    mistakes in version numbering, and to cope with situations
	    where the version numbering scheme changes.  It is
	    <em>not</em> intended to cope with version numbers containing
	    strings of letters which the package management system cannot
	    interpret (such as <tt>ALPHA</tt> or <tt>pre-</tt>), or with
	    silly orderings.<footnote>
	      The author of this manual has heard of a package whose
	      versions went <tt>1.1</tt>, <tt>1.2</tt>, <tt>1.3</tt>,
	      <tt>1</tt>, <tt>2.1</tt>, <tt>2.2</tt>, <tt>2</tt> and so
	      forth.
	    </footnote>
	  </p>
	</sect1>

        <sect1 id="f-Description">
	  <heading><tt>Description</tt></heading>

	  <p>
	    In a source or binary control file, the <tt>Description</tt>
	    field contains a description of the binary package, consisting
	    of two parts, the synopsis or the short description, and the
	    long description.  It is a multiline field with the following
	    format:
	  </p>

	  <p>
<example>
	Description: &lt;single line synopsis&gt;
	 &lt;extended description over several lines&gt;
</example>
	  </p>

	  <p>
	    The lines in the extended description can have these formats:
	  </p>

	  <p><list>

	    <item>
	      Those starting with a single space are part of a paragraph.
	      Successive lines of this form will be word-wrapped when
	      displayed. The leading space will usually be stripped off.
	      The line must contain at least one non-whitespace character.
	    </item>

	    <item>
	      Those starting with two or more spaces. These will be
	      displayed verbatim. If the display cannot be panned
	      horizontally, the displaying program will line wrap them "hard"
	      (i.e., without taking account of word breaks). If it can they
	      will be allowed to trail off to the right. None, one or two
	      initial spaces may be deleted, but the number of spaces
	      deleted from each line will be the same (so that you can have
	      indenting work correctly, for example).  The line must
	      contain at least one non-whitespace character.
	    </item>

	    <item>
	      Those containing a single space followed by a single full stop
	      character. These are rendered as blank lines. This is the
	      <em>only</em> way to get a blank line<footnote>
		Completely empty lines will not be rendered as blank lines.
		Instead, they will cause the parser to think you're starting
		a whole new record in the control file, and will therefore
		likely abort with an error.
	      </footnote>.
	    </item>

	    <item>
	      Those containing a space, a full stop and some more characters.
	      These are for future expansion. Do not use them.
	    </item>

	  </list></p>

	  <p>
	    Do not use tab characters.  Their effect is not predictable.
	  </p>

	  <p>
	    See <ref id="descriptions"> for further information on this.
	  </p>

	  <p>
	    In a <file>.changes</file> file, the <tt>Description</tt>
	    field contains a summary of the descriptions for the packages
	    being uploaded.  For this case, the first line of the field
	    value (the part on the same line as <tt>Description:</tt>) is
	    always empty.  It is a multiline field, with one
	    line per package.  Each line is
	    indented by one space and contains the name of a binary
	    package, a space, a hyphen (<tt>-</tt>), a space, and the
	    short description line from that package.
	  </p>
	</sect1>

	<sect1 id="f-Distribution">
	  <heading><tt>Distribution</tt></heading>

	  <p>
	    In a <file>.changes</file> file or parsed changelog output
	    this contains the (space-separated) name(s) of the
	    distribution(s) where this version of the package should
	    be installed.  Valid distributions are determined by the
	    archive maintainers.<footnote>
	      Example distribution names in the Debian archive used in
	      <file>.changes</file> files are:
		<taglist compact="compact">
		  <tag><em>unstable</em></tag>
		  <item>
		    This distribution value refers to the
		    <em>developmental</em> part of the Debian distribution
		    tree.  Most new packages, new upstream versions of
		    packages and bug fixes go into the <em>unstable</em>
		    directory tree.
		  </item>

		  <tag><em>experimental</em></tag>
		  <item>
		    The packages with this distribution value are deemed
		    by their maintainers to be high risk.  Oftentimes they
		    represent early beta or developmental packages from
		    various sources that the maintainers want people to
		    try, but are not ready to be a part of the other parts
		    of the Debian distribution tree.
		  </item>
		</taglist>

		<p>
		  Others are used for updating stable releases or for
		  security uploads.  More information is available in the
		  Debian Developer's Reference, section "The Debian
		  archive".
		</p>
	    </footnote>
	    The Debian archive software only supports listing a single
	    distribution.  Migration of packages to other distributions is
	    handled outside of the upload process.
	  </p>
	</sect1>

	<sect1 id="f-Date">
	  <heading><tt>Date</tt></heading>

	  <p>
	    This field includes the date the package was built or last
	    edited.  It must be in the same format as the <var>date</var>
	    in a <file>debian/changelog</file> entry.
	  </p>

	  <p>
	    The value of this field is usually extracted from the
	    <file>debian/changelog</file> file - see
	    <ref id="dpkgchangelog">).
	  </p>
	</sect1>

	<sect1 id="f-Format">
	  <heading><tt>Format</tt></heading>

	  <p>
	    In <qref id="debianchangesfiles"><file>.changes</file></qref>
	    files, this field declares the format version of that file.
	    The syntax of the field value is the same as that of
	    a <qref id="f-Version">package version number</qref> except
	    that no epoch or Debian revision is allowed.  The format
	    described in this document is <tt>&changesversion;</tt>.
	  </p>

	  <p>
	    In <qref id="debiansourcecontrolfiles"><file>.dsc</file>
	    Debian source control</qref> files, this field declares the
	    format of the source package.  The field value is used by
	    programs acting on a source package to interpret the list of
	    files in the source package and determine how to unpack it.
	    The syntax of the field value is a numeric major revision, a
	    period, a numeric minor revision, and then an optional subtype
	    after whitespace, which if specified is an alphanumeric word
	    in parentheses.  The subtype is optional in the syntax but may
	    be mandatory for particular source format revisions.
	    <footnote>
	      The source formats currently supported by the Debian archive
	      software are <tt>1.0</tt>, <tt>3.0 (native)</tt>,
	      and <tt>3.0 (quilt)</tt>.
	    </footnote>
	  </p>
	</sect1>

	<sect1 id="f-Urgency">
	  <heading><tt>Urgency</tt></heading>

	  <p>
	    This is a description of how important it is to upgrade to
	    this version from previous ones.  It consists of a single
	    keyword taking one of the values <tt>low</tt>,
	    <tt>medium</tt>, <tt>high</tt>, <tt>emergency</tt>, or
	    <tt>critical</tt><footnote>
	      Other urgency values are supported with configuration
	      changes in the archive software but are not used in Debian.
	      The urgency affects how quickly a package will be considered
	      for inclusion into the <tt>testing</tt> distribution and
	      gives an indication of the importance of any fixes included
	      in the upload.  <tt>Emergency</tt> and <tt>critical</tt> are
	      treated as synonymous.
	    </footnote> (not case-sensitive) followed by an optional
	    commentary (separated by a space) which is usually in
	    parentheses.  For example:

	    <example>
  Urgency: low (HIGH for users of diversions)
	    </example>

	  </p>

	  <p>
	    The value of this field is usually extracted from the
	    <file>debian/changelog</file> file - see
	    <ref id="dpkgchangelog">.
	  </p>
	</sect1>

	<sect1 id="f-Changes">
	  <heading><tt>Changes</tt></heading>

	  <p>
	    This multiline field contains the human-readable changes data, describing
	    the differences between the last version and the current one.
	  </p>

	  <p>
	    The first line of the field value (the part on the same line
	    as <tt>Changes:</tt>) is always empty.  The content of the
	    field is expressed as continuation lines, with each line
	    indented by at least one space.  Blank lines must be
	    represented by a line consisting only of a space and a full
	    stop (<tt>.</tt>).
	  </p>

	  <p>
	    The value of this field is usually extracted from the
	    <file>debian/changelog</file> file - see
	    <ref id="dpkgchangelog">).
	  </p>

	  <p>
	    Each version's change information should be preceded by a
	    "title" line giving at least the version, distribution(s)
	    and urgency, in a human-readable way.
	  </p>

	  <p>
	    If data from several versions is being returned the entry
	    for the most recent version should be returned first, and
	    entries should be separated by the representation of a
	    blank line (the "title" line may also be followed by the
	    representation of a blank line).
	  </p>
	</sect1>

	<sect1 id="f-Binary">
	  <heading><tt>Binary</tt></heading>

	  <p>
	    This folded field is a list of binary packages.  Its syntax and
	    meaning varies depending on the control file in which it
	    appears.
	  </p>

	  <p>
	    When it appears in the <file>.dsc</file> file, it lists binary
	    packages which a source package can produce, separated by
	    commas<footnote>
		A space after each comma is conventional.
	    </footnote>.  The source package
	    does not necessarily produce all of these binary packages for
	    every architecture.  The source control file doesn't contain
	    details of which architectures are appropriate for which of
	    the binary packages.
	  </p>

	  <p>
	    When it appears in a <file>.changes</file> file, it lists the
	    names of the binary packages being uploaded, separated by
	    whitespace (not commas).
	  </p>
	</sect1>

	<sect1 id="f-Installed-Size">
	  <heading><tt>Installed-Size</tt></heading>

	  <p>
	    This field appears in the control files of binary packages,
	    and in the <file>Packages</file> files.  It gives an estimate
	    of the total amount of disk space required to install the
	    named package.  Actual installed size may vary based on block
	    size, file system properties, or actions taken by package
	    maintainer scripts.
	  </p>

	  <p>
	    The disk space is given as the integer value of the estimated
	    installed size in bytes, divided by 1024 and rounded up.
	  </p>
	</sect1>

	<sect1 id="f-Files">
	  <heading><tt>Files</tt></heading>

	  <p>
	    This field contains a list of files with information about
	    each one.  The exact information and syntax varies with
	    the context.
	  </p>

	  <p>
	    In all cases, Files is a multiline field.  The first line of
	    the field value (the part on the same line as <tt>Files:</tt>)
	    is always empty.  The content of the field is expressed as
	    continuation lines, one line per file.  Each line must be
	    indented by one space and contain a number of sub-fields,
	    separated by spaces, as described below.
	  </p>

	  <p>
	    In the <file>.dsc</file> file, each line contains the MD5
	    checksum, size and filename of the tar file and (if
	    applicable) diff file which make up the remainder of the
	    source package<footnote>
	      That is, the parts which are not the <tt>.dsc</tt>.
	    </footnote>.  For example:
	    <example>
Files:
 c6f698f19f2a2aa07dbb9bbda90a2754 571925 example_1.2.orig.tar.gz
 938512f08422f3509ff36f125f5873ba 6220 example_1.2-1.diff.gz
	    </example>
	    The exact forms of the filenames are described
	    in <ref id="pkg-sourcearchives">.
	  </p>

	  <p>
	    In the <file>.changes</file> file this contains one line per
	    file being uploaded.  Each line contains the MD5 checksum,
	    size, section and priority and the filename.  For example:
	    <example>
Files:
 4c31ab7bfc40d3cf49d7811987390357 1428 text extra example_1.2-1.dsc
 c6f698f19f2a2aa07dbb9bbda90a2754 571925 text extra example_1.2.orig.tar.gz
 938512f08422f3509ff36f125f5873ba 6220 text extra example_1.2-1.diff.gz
 7c98fe853b3bbb47a00e5cd129b6cb56 703542 text extra example_1.2-1_i386.deb
	    </example>
	    The <qref id="f-Section">section</qref>
	    and <qref id="f-Priority">priority</qref> are the values of
	    the corresponding fields in the main source control file.  If
	    no section or priority is specified then <tt>-</tt> should be
	    used, though section and priority values must be specified for
	    new packages to be installed properly.
	  </p>

	  <p>
	    The special value <tt>byhand</tt> for the section in a
	    <tt>.changes</tt> file indicates that the file in question
	    is not an ordinary package file and must be installed by
	    hand by the distribution maintainers.  If the section is
	    <tt>byhand</tt> the priority should be <tt>-</tt>.
	  </p>

	  <p>
	    If a new Debian revision of a package is being shipped and
	    no new original source archive is being distributed the
	    <tt>.dsc</tt> must still contain the <tt>Files</tt> field
	    entry for the original source archive
	    <file><var>package</var>_<var>upstream-version</var>.orig.tar.gz</file>,
	    but the <file>.changes</file> file should leave it out.  In
	    this case the original source archive on the distribution
	    site must match exactly, byte-for-byte, the original
	    source archive which was used to generate the
	    <file>.dsc</file> file and diff which are being uploaded.</p>
	</sect1>

	<sect1 id="f-Closes">
	  <heading><tt>Closes</tt></heading>

	  <p>
	    A space-separated list of bug report numbers that the upload
	    governed by the .changes file closes.
	  </p>
	</sect1>

	<sect1 id="f-Homepage">
	  <heading><tt>Homepage</tt></heading>

	  <p>
	    The URL of the web site for this package, preferably (when
	    applicable) the site from which the original source can be
	    obtained and any additional upstream documentation or
	    information may be found.  The content of this field is a
	    simple URL without any surrounding characters such as
	    <tt>&lt;&gt;</tt>.
	  </p>
	</sect1>

	<sect1 id="f-Checksums">
	  <heading><tt>Checksums-Sha1</tt>
	    and <tt>Checksums-Sha256</tt></heading>

	  <p>
	    These multiline fields contain a list of files with a checksum and size
	    for each one.  Both <tt>Checksums-Sha1</tt>
	    and <tt>Checksums-Sha256</tt> have the same syntax and differ
	    only in the checksum algorithm used: SHA-1
	    for <tt>Checksums-Sha1</tt> and SHA-256
	    for <tt>Checksums-Sha256</tt>.
	  </p>

	  <p>
	    <tt>Checksums-Sha1</tt> and <tt>Checksums-Sha256</tt> are
	    multiline fields.  The first line of the field value (the part
	    on the same line as <tt>Checksums-Sha1:</tt>
	    or <tt>Checksums-Sha256:</tt>) is always empty.  The content
	    of the field is expressed as continuation lines, one line per
	    file.  Each line consists of the checksum, a space, the file
	    size, a space, and the file name.  For example (from
	    a <file>.changes</file> file):
	    <example>
Checksums-Sha1:
 1f418afaa01464e63cc1ee8a66a05f0848bd155c 1276 example_1.0-1.dsc
 a0ed1456fad61116f868b1855530dbe948e20f06 171602 example_1.0.orig.tar.gz
 5e86ecf0671e113b63388dac81dd8d00e00ef298 6137 example_1.0-1.debian.tar.gz
 71a0ff7da0faaf608481195f9cf30974b142c183 548402 example_1.0-1_i386.deb
Checksums-Sha256:
 ac9d57254f7e835bed299926fd51bf6f534597cc3fcc52db01c4bffedae81272 1276 example_1.0-1.dsc
 0d123be7f51e61c4bf15e5c492b484054be7e90f3081608a5517007bfb1fd128 171602 example_1.0.orig.tar.gz
 f54ae966a5f580571ae7d9ef5e1df0bd42d63e27cb505b27957351a495bc6288 6137 example_1.0-1.debian.tar.gz
 3bec05c03974fdecd11d020fc2e8250de8404867a8a2ce865160c250eb723664 548402 example_1.0-1_i386.deb
	    </example>
	  </p>

	  <p>
	    In the <file>.dsc</file> file, these fields list all
	    files that make up the source package.  In
	    the <file>.changes</file> file, these fields list all
	    files being uploaded.  The list of files in these fields
	    must match the list of files in the <tt>Files</tt> field.
	  </p>
	</sect1>

	<sect1>
	  <heading><tt>DM-Upload-Allowed</tt></heading>

	  <p>
	    Obsolete, see <qref id="f-DM-Upload-Allowed">below</qref>.
	  </p>
	</sect1>

	<sect1 id="f-VCS-fields">
	  <heading>Version Control System (VCS) fields</heading>

	  <p>
	    Debian source packages are increasingly developed using VCSs.  The
	    purpose of the following fields is to indicate a publicly accessible
	    repository where the Debian source package is developed.

	    <taglist>
	      <tag><tt>Vcs-Browser</tt></tag>
	      <item>
		<p>
		  URL of a web interface for browsing the repository.
		</p>
	      </item>

	      <tag>
		<tt>Vcs-Arch</tt>, <tt>Vcs-Bzr</tt> (Bazaar), <tt>Vcs-Cvs</tt>,
		<tt>Vcs-Darcs</tt>, <tt>Vcs-Git</tt>, <tt>Vcs-Hg</tt>
		(Mercurial), <tt>Vcs-Mtn</tt> (Monotone), <tt>Vcs-Svn</tt>
		(Subversion)
	      </tag>
	      <item>
		<p>
		  The field name identifies the VCS. The field's value uses the
		  version control system's conventional syntax for describing
		  repository locations and should be sufficient to locate the
		  repository used for packaging. Ideally, it also locates the
		  branch used for development of new versions of the Debian
		  package.
		</p>
		<p>
		  In the case of Git, the value consists of a URL, optionally
		  followed by the word <tt>-b</tt> and the name of a branch in
		  the indicated repository, following the syntax of the
		  <tt>git clone</tt> command.  If no branch is specified, the
		  packaging should be on the default branch.
		</p>
		<p>
		  More than one different VCS may be specified for the same
		  package.
		</p>
	      </item>
	    </taglist>
	  </p>
	</sect1>

	<sect1 id="f-Package-List">
	  <heading><tt>Package-List</tt></heading>

	  <p>
	    Multiline field listing all the packages that can be built from
	    the source package, considering every architecture.  The first line
	    of the field value is empty.  Each one of the next lines describes
	    one binary package, by listing its name, type, section and priority
	    separated by spaces.  Fifth and subsequent space-separated items
	    may be present and parsers must allow them.  See the
	    <qref id="f-Package-Type">Package-Type</qref> field for a list of
	    package types.
	  </p>
	</sect1>

	<sect1 id="f-Package-Type">
	  <heading><tt>Package-Type</tt></heading>

	  <p>
	    Simple field containing a word indicating the type of package:
	    <tt>deb</tt> for binary packages and <tt>udeb</tt> for micro binary
	    packages.  Other types not defined here may be indicated.  In
	    source package control files, the <tt>Package-Type</tt> field
	    should be omitted instead of giving it a value of <tt>deb</tt>, as
	    this value is assumed for paragraphs lacking this field.
	  </p>
	</sect1>

	<sect1 id="f-Dgit">
	  <heading><tt>Dgit</tt></heading>

	  <p>
	    Folded field containing a single git commit hash, presented in
	    full, followed optionally by whitespace and other data to be
	    defined in future extensions.
	  </p>

	  <p>
	    Declares that the source package corresponds exactly to a
	    referenced commit in a Git repository available at the canonical
	    location called <em>dgit-repos</em>, used by <prgn>dgit</prgn>, a
	    bidirectional gateway between the Debian archive and Git.  The
	    commit is reachable from at least one reference whose name matches
	    <tt>refs/dgit/*</tt>.  See the manual page of <prgn>dgit</prgn> for
	    further details.
	  </p>
	</sect1>
      </sect>

      <sect>
	<heading>User-defined fields</heading>

	<p>
	  Additional user-defined fields may be added to the
	  source package control file.  Such fields will be
	  ignored, and not copied to (for example) binary or
	  Debian source control files or upload control files.
	</p>

	<p>
	  If you wish to add additional unsupported fields to
	  these output files you should use the mechanism
	  described here.
	</p>

	<p>
	  Fields in the main source control information file with
	  names starting <tt>X</tt>, followed by one or more of
	  the letters <tt>BCS</tt> and a hyphen <tt>-</tt>, will
	  be copied to the output files.  Only the part of the
	  field name after the hyphen will be used in the output
	  file.  Where the letter <tt>B</tt> is used the field
	  will appear in binary package control files, where the
	  letter <tt>S</tt> is used in Debian source control
	  files and where <tt>C</tt> is used in upload control
	  (<tt>.changes</tt>) files.
	</p>

	<p>
	  For example, if the main source information control file
	  contains the field
	  <example>
  XBS-Comment: I stand between the candle and the star.
	  </example>
	  then the binary and Debian source control files will contain the
	  field
	  <example>
  Comment: I stand between the candle and the star.
	  </example>
	</p>

      </sect>

      <sect id="obsolete-control-data-fields">
	<heading>Obsolete fields</heading>

	<p>
	  The following fields have been obsoleted and may be found in packages
	  conforming with previous versions of the Policy.
	</p>

	<sect1 id="f-DM-Upload-Allowed">
	  <heading><tt>DM-Upload-Allowed</tt></heading>

	  <p>
	    Indicates that Debian Maintainers may upload this package to
	    the Debian archive.  The only valid value is <tt>yes</tt>.  This
	    field was used to regulate uploads by Debian Maintainers, See the
	    General Resolution <url id="http://www.debian.org/vote/2007/vote_003"
	    name="Endorse the concept of Debian Maintainers"> for more details.
	  </p>
	</sect1>

      </sect>

    </chapt>


    <chapt id="maintainerscripts">
      <heading>Package maintainer scripts and installation procedure</heading>

      <sect>
	<heading>Introduction to package maintainer scripts</heading>

	<p>
	  It is possible to supply scripts as part of a package which
	  the package management system will run for you when your
	  package is installed, upgraded or removed.
	</p>

	<p>
	  These scripts are the control information
	  files <prgn>preinst</prgn>, <prgn>postinst</prgn>, <prgn>prerm</prgn>
	  and <prgn>postrm</prgn>.  They must be proper executable files;
	  if they are scripts (which is recommended), they must start with
	  the usual <tt>#!</tt> convention.  They should be readable and
	  executable by anyone, and must not be world-writable.
	</p>

	<p>
	  The package management system looks at the exit status from
	  these scripts.  It is important that they exit with a
	  non-zero status if there is an error, so that the package
	  management system can stop its processing.  For shell
	  scripts this means that you <em>almost always</em> need to
	  use <tt>set -e</tt> (this is usually true when writing shell
	  scripts, in fact).  It is also important, of course, that
	  they exit with a zero status if everything went well.
	</p>

	<p>
	  Additionally, packages interacting with users
	  using <prgn>debconf</prgn> in the <prgn>postinst</prgn> script
	  should install a <prgn>config</prgn> script as a control
	  information file.  See <ref id="maintscriptprompt"> for details.
	</p>

	<p>
	  When a package is upgraded a combination of the scripts from
	  the old and new packages is called during the upgrade
	  procedure.  If your scripts are going to be at all
	  complicated you need to be aware of this, and may need to
	  check the arguments to your scripts.
	</p>

	<p>
	  Broadly speaking the <prgn>preinst</prgn> is called before
	  (a particular version of) a package is unpacked, and the
	  <prgn>postinst</prgn> afterwards; the <prgn>prerm</prgn>
	  before (a version of) a package is removed and the
	  <prgn>postrm</prgn> afterwards.
	</p>

	<p>
	  Programs called from maintainer scripts should not normally
	  have a path prepended to them. Before installation is
	  started, the package management system checks to see if the
	  programs <prgn>ldconfig</prgn>, <prgn>start-stop-daemon</prgn>,
	  and <prgn>update-rc.d</prgn> can be found via the
	  <tt>PATH</tt> environment variable. Those programs, and any
	  other program that one would expect to be in the
	  <tt>PATH</tt>, should thus be invoked without an absolute
	  pathname. Maintainer scripts should also not reset the
	  <tt>PATH</tt>, though they might choose to modify it by
	  prepending or appending package-specific directories. These
	  considerations really apply to all shell scripts.</p>
      </sect>

      <sect id="idempotency">
	<heading>Maintainer scripts idempotency</heading>

	<p>
	  It is necessary for the error recovery procedures that the
	  scripts be idempotent.  This means that if it is run
	  successfully, and then it is called again, it doesn't bomb
	  out or cause any harm, but just ensures that everything is
	  the way it ought to be.  If the first call failed, or
	  aborted half way through for some reason, the second call
	  should merely do the things that were left undone the first
	  time, if any, and exit with a success status if everything
	  is OK.<footnote>
	      This is so that if an error occurs, the user interrupts
	      <prgn>dpkg</prgn> or some other unforeseen circumstance
	      happens you don't leave the user with a badly-broken
	      package when <prgn>dpkg</prgn> attempts to repeat the
	      action.
	  </footnote>
	</p>
      </sect>

      <sect id="controllingterminal">
	<heading>Controlling terminal for maintainer scripts</heading>

	<p>
	  Maintainer scripts are not guaranteed to run with a controlling
	  terminal and may not be able to interact with the user.  They
	  must be able to fall back to noninteractive behavior if no
	  controlling terminal is available.  Maintainer scripts that
	  prompt via a program conforming to the Debian Configuration
	  Management Specification (see <ref id="maintscriptprompt">) may
	  assume that program will handle falling back to noninteractive
	  behavior.
	</p>

	<p>
	  For high-priority prompts without a reasonable default answer,
	  maintainer scripts may abort if there is no controlling
	  terminal.  However, this situation should be avoided if at all
	  possible, since it prevents automated or unattended installs.
	  In most cases, users will consider this to be a bug in the
	  package.
	</p>
      </sect>

      <sect id="exitstatus">
	<heading>Exit status</heading>

	<p>
	  Each script must return a zero exit status for
	  success, or a nonzero one for failure, since the package
	  management system looks for the exit status of these scripts
	  and determines what action to take next based on that datum.
	</p>
      </sect>

      <sect id="mscriptsinstact"><heading>Summary of ways maintainer
	  scripts are called
	</heading>

	<p>
	  What follows is a summary of all the ways in which maintainer
	  scripts may be called along with what facilities those scripts
	  may rely on being available at that time.  Script names preceded
	  by <var>new-</var> are the scripts from the new version of a
	  package being installed, upgraded to, or downgraded to.  Script
	  names preceded by <var>old-</var> are the scripts from the old
	  version of a package that is being upgraded from or downgraded
	  from.
	</p>

	<p>
	  The <prgn>preinst</prgn> script may be called in the following
	  ways:
	  <taglist>
	    <tag><var>new-preinst</var> <tt>install</tt></tag>
	    <tag><var>new-preinst</var> <tt>install</tt>
	      <var>old-version</var></tag>
	    <tag><var>new-preinst</var> <tt>upgrade</tt>
	      <var>old-version</var></tag>
	    <item>
	      The package will not yet be unpacked, so
	      the <prgn>preinst</prgn> script cannot rely on any files
	      included in its package.  Only essential packages and
	      pre-dependencies (<tt>Pre-Depends</tt>) may be assumed to be
	      available.  Pre-dependencies will have been configured at
	      least once, but at the time the <prgn>preinst</prgn> is
	      called they may only be in an "Unpacked" or "Half-Configured"
	      state if a previous version of the pre-dependency was
	      completely configured and has not been removed since then.
	    </item>

	    <tag><var>old-preinst</var> <tt>abort-upgrade</tt>
	      <var>new-version</var></tag>
	    <item>
	      Called during error handling of an upgrade that failed after
	      unpacking the new package because the <tt>postrm
	      upgrade</tt> action failed.  The unpacked files may be
	      partly from the new version or partly missing, so the script
	      cannot rely on files included in the package.  Package
	      dependencies may not be available.  Pre-dependencies will be
	      at least "Unpacked" following the same rules as above, except
	      they may be only "Half-Installed" if an upgrade of the
	      pre-dependency failed.<footnote>
		This can happen if the new version of the package no
		longer pre-depends on a package that had been partially
		upgraded.
	      </footnote>
	    </item>
	  </taglist>
	</p>

	<p>
	  The <prgn>postinst</prgn> script may be called in the following
	  ways:
	  <taglist>
	    <tag><var>postinst</var> <tt>configure</tt>
	      <var>most-recently-configured-version</var></tag>
	    <item>
	      The files contained in the package will be unpacked.  All
	      package dependencies will at least be "Unpacked".  If there
	      are no circular dependencies involved, all package
	      dependencies will be configured.  For behavior in the case
	      of circular dependencies, see the discussion
	      in <ref id="binarydeps">.
	    </item>

	    <tag><var>old-postinst</var> <tt>abort-upgrade</tt>
	      <var>new-version</var></tag>
	    <tag><var>conflictor's-postinst</var> <tt>abort-remove</tt>
	      <tt>in-favour</tt> <var>package</var>
	      <var>new-version</var></tag>
	    <tag><var>postinst</var> <tt>abort-remove</tt></tag>
	    <tag><var>deconfigured's-postinst</var>
	      <tt>abort-deconfigure</tt> <tt>in-favour</tt>
	      <var>failed-install-package</var> <var>version</var>
	      [<tt>removing</tt> <var>conflicting-package</var>
	      <var>version</var>]</tag>
	    <item>
	      The files contained in the package will be unpacked.  All
	      package dependencies will at least be "Half-Installed" and
	      will have previously been configured and not removed.
	      However, dependencies may not be configured or even fully
	      unpacked in some error situations.<footnote>
		For example, suppose packages foo and bar are "Installed"
		with foo depending on bar.  If an upgrade of bar were
		started and then aborted, and then an attempt to remove
		foo failed because its <prgn>prerm</prgn> script failed,
		foo's <tt>postinst abort-remove</tt> would be called with
		bar only "Half-Installed".
	      </footnote>
	      The <prgn>postinst</prgn> should still attempt any actions
	      for which its dependencies are required, since they will
	      normally be available, but consider the correct error
	      handling approach if those actions fail.  Aborting
	      the <prgn>postinst</prgn> action if commands or facilities
	      from the package dependencies are not available is often the
	      best approach.
	    </item>
	  </taglist>
	</p>

	<p>
	  The <prgn>prerm</prgn> script may be called in the following
	  ways:
	  <taglist>
	    <tag><var>prerm</var> <tt>remove</tt></tag>
	    <tag><var>old-prerm</var>
	      <tt>upgrade</tt><var>new-version</var></tag>
	    <tag><var>conflictor's-prerm</var> <tt>remove</tt>
	      <tt>in-favour</tt> <var>package</var>
	      <var>new-version</var></tag>
	    <tag><var>deconfigured's-prerm</var> <tt>deconfigure</tt>
	      <tt>in-favour</tt> <var>package-being-installed</var>
	      <var>version</var> [<tt>removing</tt>
	      <var>conflicting-package</var> <var>version</var>]</tag>
	    <item>
	      The package whose <prgn>prerm</prgn> is being called will be
	      at least "Half-Installed".  All package dependencies will at
	      least be "Half-Installed" and will have previously been
	      configured and not removed.  If there was no error, all
	      dependencies will at least be "Unpacked", but these actions
	      may be called in various error states where dependencies are
	      only "Half-Installed" due to a partial upgrade.
	    </item>

	    <tag><var>new-prerm</var> <tt>failed-upgrade</tt>
	      <var>old-version</var></tag>
	    <item>
	      Called during error handling when <tt>prerm upgrade</tt>
	      fails.  The new package will not yet be unpacked, and all
	      the same constraints as for <tt>preinst upgrade</tt> apply.
	    </item>
	  </taglist>
	</p>

	<p>
	  The <prgn>postrm</prgn> script may be called in the following
	  ways:
	  <taglist>
	    <tag><var>postrm</var> <tt>remove</tt></tag>
	    <tag><var>postrm</var> <tt>purge</tt></tag>
	    <tag><var>old-postrm</var> <tt>upgrade</tt>
	      <var>new-version</var></tag>
	    <tag><var>disappearer's-postrm</var> <tt>disappear</tt>
		<var>overwriter</var> <var>overwriter-version</var></tag>
	    <item>
	      The <prgn>postrm</prgn> script is called after the package's
	      files have been removed or replaced.  The package
	      whose <prgn>postrm</prgn> is being called may have
	      previously been deconfigured and only be "Unpacked", at which
	      point subsequent package changes do not consider its
	      dependencies.  Therefore, all <prgn>postrm</prgn> actions
	      may only rely on essential packages and must gracefully skip
	      any actions that require the package's dependencies if those
	      dependencies are unavailable.<footnote>
		This is often done by checking whether the command or
	        facility the <prgn>postrm</prgn> intends to call is
	        available before calling it.  For example:
<example>
if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
        . /usr/share/debconf/confmodule
        db_purge
fi
</example>
		in <prgn>postrm</prgn> purges the <prgn>debconf</prgn>
		configuration for the package
		if <package>debconf</package> is installed.
	      </footnote>
	    </item>

	    <tag><var>new-postrm</var> <tt>failed-upgrade</tt>
	      <var>old-version</var></tag>
	    <item>
	      Called when the old <tt>postrm upgrade</tt> action fails.
	      The new package will be unpacked, but only essential
	      packages and pre-dependencies can be relied on.
	      Pre-dependencies will either be configured or will be
	      "Unpacked" or "Half-Configured" but previously had been
	      configured and was never removed.
	    </item>

	    <tag><var>new-postrm</var> <tt>abort-install</tt></tag>
	    <tag><var>new-postrm</var> <tt>abort-install</tt>
	      <var>old-version</var></tag>
	    <tag><var>new-postrm</var> <tt>abort-upgrade</tt>
	      <var>old-version</var></tag>
	    <item>
	      Called before unpacking the new package as part of the
	      error handling of <prgn>preinst</prgn> failures.  May assume
	      the same state as <prgn>preinst</prgn> can assume.
	    </item>
	  </taglist>
	</p>
      </sect>

      <sect id="unpackphase">
	<heading>Details of unpack phase of installation or upgrade</heading>

	<p>
	  The procedure on installation/upgrade/overwrite/disappear
	  (i.e., when running <tt>dpkg --unpack</tt>, or the unpack
	  stage of <tt>dpkg --install</tt>) is as follows.  In each
	  case, if a major error occurs (unless listed below) the
	  actions are, in general, run backwards - this means that the
	  maintainer scripts are run with different arguments in
	  reverse order.  These are the "error unwind" calls listed
	  below.

	  <enumlist>
	    <item>
		<enumlist>
		  <item>
		      If a version of the package is already "Installed", call
		      <example compact="compact">
<var>old-prerm</var> upgrade <var>new-version</var>
		      </example>
		  </item>
		  <item>
		      If the script runs but exits with a non-zero
		      exit status, <prgn>dpkg</prgn> will attempt:
		      <example compact="compact">
<var>new-prerm</var> failed-upgrade <var>old-version</var>
		      </example>
                      If this works, the upgrade continues. If this
                      does not work, the error unwind:
		      <example compact="compact">
<var>old-postinst</var> abort-upgrade <var>new-version</var>
		      </example>
                      If this works, then the old-version is
                      "Installed", if not, the old version is in a
                      "Half-Configured" state.
		  </item>
		</enumlist>
	    </item>

	    <item>
		If a "conflicting" package is being removed at the same time,
		or if any package will be broken (due to <tt>Breaks</tt>):
		<enumlist>
		  <item>
		      If <tt>--auto-deconfigure</tt> is
		      specified, call, for each package to be deconfigured
		      due to <tt>Breaks</tt>:
		      <example compact="compact">
<var>deconfigured's-prerm</var> deconfigure \
  in-favour <var>package-being-installed</var> <var>version</var>
		      </example>
		      Error unwind:
		      <example compact="compact">
<var>deconfigured's-postinst</var> abort-deconfigure \
  in-favour <var>package-being-installed-but-failed</var> <var>version</var>
		      </example>
		      The deconfigured packages are marked as
		      requiring configuration, so that if
		      <tt>--install</tt> is used they will be
		      configured again if possible.
		  </item>
		  <item>
		      If any packages depended on a conflicting
		      package being removed and <tt>--auto-deconfigure</tt> is
		      specified, call, for each such package:
		      <example compact="compact">
<var>deconfigured's-prerm</var> deconfigure \
  in-favour <var>package-being-installed</var> <var>version</var> \
    removing <var>conflicting-package</var> <var>version</var>
		      </example>
		      Error unwind:
		      <example compact="compact">
<var>deconfigured's-postinst</var> abort-deconfigure \
  in-favour <var>package-being-installed-but-failed</var> <var>version</var> \
    removing <var>conflicting-package</var> <var>version</var>
		      </example>
		      The deconfigured packages are marked as
		      requiring configuration, so that if
		      <tt>--install</tt> is used they will be
		      configured again if possible.
		  </item>
		  <item>
		      To prepare for removal of each conflicting package, call:
		      <example compact="compact">
<var>conflictor's-prerm</var> remove \
  in-favour <var>package</var> <var>new-version</var>
		      </example>
		      Error unwind:
		      <example compact="compact">
<var>conflictor's-postinst</var> abort-remove \
  in-favour <var>package</var> <var>new-version</var>
		      </example>
		  </item>
		</enumlist>
	    </item>

	    <item>
		<enumlist>
		  <item>
		      If the package is being upgraded, call:
		      <example compact="compact">
<var>new-preinst</var> upgrade <var>old-version</var>
		      </example>
                      If this fails, we call:
                      <example>
<var>new-postrm</var> abort-upgrade <var>old-version</var>
                      </example>
                      <enumlist>
                        <item>
                          <p>
                            If that works, then
                            <example>
<var>old-postinst</var> abort-upgrade <var>new-version</var>
                            </example>
                            is called. If this works, then the old version
                            is in an "Installed" state, or else it is left
                            in an "Unpacked" state.
                          </p>
                        </item>
                        <item>
                          <p>
                            If it fails, then the old version is left
                            in an "Half-Installed" state.
                          </p>
                        </item>
                      </enumlist>
                      
		  </item>
		  <item>
		      Otherwise, if the package had some configuration
		      files from a previous version installed (i.e., it
		      is in the "Config-Files" state):
		      <example compact="compact">
<var>new-preinst</var> install <var>old-version</var>
		      </example>
                      Error unwind:
                      <example>
<var>new-postrm</var> abort-install <var>old-version</var>
                      </example>
                      If this fails, the package is left in a
                      "Half-Installed" state, which requires a
                      reinstall. If it works, the packages is left in
                      a "Config-Files" state.
		  </item>
		  <item>
		      Otherwise (i.e., the package was completely purged):
		      <example compact="compact">
<var>new-preinst</var> install
                      </example>
                      Error unwind:
                      <example compact="compact">
<var>new-postrm</var> abort-install
                      </example>
                      If the error-unwind fails, the package is in a
                      "Half-Installed" phase, and requires a
                      reinstall. If the error unwind works, the
                      package is in the "Not-Installed" state.
		  </item>
                </enumlist>
	    </item>

	    <item>
	      <p>
		The new package's files are unpacked, overwriting any
		that may be on the system already, for example any
		from the old version of the same package or from
		another package.  Backups of the old files are kept
		temporarily, and if anything goes wrong the package
		management system will attempt to put them back as
		part of the error unwind.
	      </p>

	      <p>
		It is an error for a package to contain files which
		are on the system in another package, unless
		<tt>Replaces</tt> is used (see <ref id="replaces">).
		<!--
		The following paragraph is not currently the case:
		Currently the <tt>- - force-overwrite</tt> flag is
		enabled, downgrading it to a warning, but this may not
		always be the case.
		-->
	      </p>

	      <p>
		It is a more serious error for a package to contain a
		plain file or other kind of non-directory where another
		package has a directory (again, unless
		<tt>Replaces</tt> is used).  This error can be
		overridden if desired using
		<tt>--force-overwrite-dir</tt>, but this is not
		advisable.
	      </p>

	      <p>
		Packages which overwrite each other's files produce
		behavior which, though deterministic, is hard for the
		system administrator to understand.  It can easily
		lead to "missing" programs if, for example, a package
		is unpacked which overwrites a file from another
		package, and is then removed again.<footnote>
		    Part of the problem is due to what is arguably a
		    bug in <prgn>dpkg</prgn>.
		</footnote>
	      </p>

	      <p>
		A directory will never be replaced by a symbolic link
		to a directory or vice versa; instead, the existing
		state (symlink or not) will be left alone and
		<prgn>dpkg</prgn> will follow the symlink if there is
		one.
	      </p>
	    </item>

	    <item>
	      <p>
		<enumlist>
		  <item>
		      If the package is being upgraded, call
		      <example compact="compact">
<var>old-postrm</var> upgrade <var>new-version</var>
		      </example>
		  </item>
		  <item>
		      If this fails, <prgn>dpkg</prgn> will attempt:
		      <example compact="compact">
<var>new-postrm</var> failed-upgrade <var>old-version</var>
		      </example>
                      If this works, installation continues. If not, 
		      Error unwind:
		      <example compact="compact">
<var>old-preinst</var> abort-upgrade <var>new-version</var>
		      </example>
                      If this fails, the old version is left in a
                      "Half-Installed" state. If it works, dpkg now
                      calls:
		      <example compact="compact">
<var>new-postrm</var> abort-upgrade <var>old-version</var>
		      </example>
                      If this fails, the old version is left in a
                      "Half-Installed" state. If it works, dpkg now
                      calls:
		      <example compact="compact">
<var>old-postinst</var> abort-upgrade <var>new-version</var>
		      </example>
                      If this fails, the old version is in an
                      "Unpacked" state.
 		  </item>
		</enumlist>
	      </p>

	      <p>
		This is the point of no return - if
		<prgn>dpkg</prgn> gets this far, it won't back off
		past this point if an error occurs.  This will
		leave the package in a fairly bad state, which
		will require a successful re-installation to clear
		up, but it's when <prgn>dpkg</prgn> starts doing
		things that are irreversible.
	      </p>
	    </item>

	    <item>
		Any files which were in the old version of the package
		but not in the new are removed.
	    </item>

	    <item>
		The new file list replaces the old.
	    </item>

	    <item>
		The new maintainer scripts replace the old.
	    </item>

	    <item>
		Any packages all of whose files have been overwritten
		during the installation, and which aren't required for
		dependencies, are considered to have been removed.
		For each such package
		<enumlist>
		  <item>
		      <prgn>dpkg</prgn> calls:
		      <example compact="compact">
<var>disappearer's-postrm</var> disappear \
  <var>overwriter</var> <var>overwriter-version</var>
		      </example>
		  </item>
		  <item>
		      The package's maintainer scripts are removed.
		  </item>
		  <item>
		      It is noted in the status database as being in a
		      sane state, namely "Not-Installed" (any conffiles
		      it may have are ignored, rather than being
		      removed by <prgn>dpkg</prgn>).  Note that
		      disappearing packages do not have their prerm
		      called, because <prgn>dpkg</prgn> doesn't know
		      in advance that the package is going to
		      vanish.
		  </item>
		</enumlist>
	    </item>

	    <item>
		Any files in the package we're unpacking that are also
		listed in the file lists of other packages are removed
		from those lists.  (This will lobotomize the file list
		of the "conflicting" package if there is one.)
	    </item>

	    <item>
		The backup files made during installation, above, are
		deleted.
	    </item>

	    <item>
	      <p>
		The new package's status is now sane, and recorded as
		"Unpacked".
	      </p>

	      <p>
		Here is another point of no return - if the
		conflicting package's removal fails we do not unwind
		the rest of the installation; the conflicting package
		is left in a half-removed limbo.
	      </p>
	    </item>

	    <item>
		If there was a conflicting package we go and do the
		removal actions (described below), starting with the
		removal of the conflicting package's files (any that
		are also in the package being unpacked have already
		been removed from the conflicting package's file list,
		and so do not get removed now).
	    </item>
	  </enumlist>
	</p>
      </sect>

      <sect id="configdetails"><heading>Details of configuration</heading>

	<p>
	  When we configure a package (this happens with <tt>dpkg
	    --install</tt> and <tt>dpkg --configure</tt>), we first
	  update any <tt>conffile</tt>s and then call:
	  <example compact="compact">
<var>postinst</var> configure <var>most-recently-configured-version</var>
	  </example>
	</p>

	<p>
	  No attempt is made to unwind after errors during
	  configuration. If the configuration fails, the package is in
	  a "Half-Configured" state, and an error message is generated.
	</p>

	<p>
	  If there is no most recently configured version
	  <prgn>dpkg</prgn> will pass a null argument.
	  <footnote>
	    <p>
	      Historical note: Truly ancient (pre-1997) versions of
	      <prgn>dpkg</prgn> passed <tt>&lt;unknown&gt;</tt>
	      (including the angle brackets) in this case.  Even older
	      ones did not pass a second argument at all, under any
	      circumstance.  Note that upgrades using such an old dpkg
	      version are unlikely to work for other reasons, even if
	      this old argument behavior is handled by your postinst script.
	    </p>
	  </footnote>	  
	</p>
      </sect>

      <sect id="removedetails"><heading>Details of removal and/or
      configuration purging</heading>

	<p>
	  <enumlist>
	    <item>
              <p>
		<example compact="compact">
<var>prerm</var> remove
		</example>
              </p>
              <p>
                If prerm fails during replacement due to conflict
                <example>
<var>conflictor's-postinst</var> abort-remove \
  in-favour <var>package</var> <var>new-version</var>
                </example>
                Or else we call:
                <example>
<var>postinst</var> abort-remove
                </example>
              </p>
              <p>
                If this fails, the package is in a "Half-Configured"
                state, or else it remains "Installed".
              </p>
	    </item>
	    <item>
		The package's files are removed (except <tt>conffile</tt>s).
	    </item>
	    <item>
		<example compact="compact">
<var>postrm</var> remove
		</example>

              <p>
                If it fails, there's no error unwind, and the package is in
                an "Half-Installed" state.
              </p>
	    </item>
	    <item>
	      <p>
		All the maintainer scripts except the <prgn>postrm</prgn>
		are removed.
	      </p>

	      <p>
		If we aren't purging the package we stop here.  Note
		that packages which have no <prgn>postrm</prgn> and no
		<tt>conffile</tt>s are automatically purged when
		removed, as there is no difference except for the
		<prgn>dpkg</prgn> status.
	      </p>
	    </item>
	    <item>
		The <tt>conffile</tt>s and any backup files
		(<tt>~</tt>-files, <tt>#*#</tt> files,
		<tt>%</tt>-files, <tt>.dpkg-{old,new,tmp}</tt>, etc.)
		are removed.
	    </item>
	    <item>
              <p>
		<example compact="compact">
<var>postrm</var> purge
		</example>
              </p>
              <p>
                If this fails, the package remains in a "Config-Files"
                state.
              </p>
	    </item>
	    <item>
		The package's file list is removed.
	    </item>
	  </enumlist>

	</p>
      </sect>
    </chapt>


    <chapt id="relationships">
      <heading>Declaring relationships between packages</heading>

      <sect id="depsyntax">
	<heading>Syntax of relationship fields</heading>

	<p>
	  These fields all have a uniform syntax.  They are a list of
	  package names separated by commas.
	</p>

        <p>
          In the <tt>Depends</tt>, <tt>Recommends</tt>,
          <tt>Suggests</tt>, <tt>Pre-Depends</tt>,
          <tt>Build-Depends</tt> and <tt>Build-Depends-Indep</tt>
          control fields of the package, which declare
          dependencies on other packages, the package names listed may
          also include lists of alternative package names, separated
          by vertical bar (pipe) symbols <tt>|</tt>.  In such a case,
	  that part of the dependency can be satisfied by any one of
	  the alternative packages.
	</p>

	<p>
	  All of the fields except for <tt>Provides</tt> may restrict
	  their applicability to particular versions of each named
	  package.  This is done in parentheses after each individual
	  package name; the parentheses should contain a relation from
	  the list below followed by a version number, in the format
	  described in <ref id="f-Version">.
	</p>

	<p>
	  The relations allowed are <tt>&lt;&lt;</tt>, <tt>&lt;=</tt>,
	  <tt>=</tt>, <tt>&gt;=</tt> and <tt>&gt;&gt;</tt> for strictly
	  earlier, earlier or equal, exactly equal, later or equal and
	  strictly later, respectively.  The deprecated
	  forms <tt>&lt;</tt> and <tt>&gt;</tt> were confusingly used to
	  mean earlier/later or equal, rather than strictly earlier/later,
	  and must not appear in new packages (though <prgn>dpkg</prgn>
	  still supports them with a warning).
	</p>

	<p>
	  Whitespace may appear at any point in the version
	  specification subject to the rules in <ref
	  id="controlsyntax">, and must appear where it's necessary to
	  disambiguate; it is not otherwise significant.  All of the
	  relationship fields can only be folded in source package control files.  For
	  consistency and in case of future changes to
	  <prgn>dpkg</prgn> it is recommended that a single space be
	  used after a version relationship and before a version
	  number; it is also conventional to put a single space after
	  each comma, on either side of each vertical bar, and before
	  each open parenthesis.  When opening a continuation line in a relationship field, it
	  is conventional to do so after a comma and before the space
	  following that comma.
	</p>

	<p>
	  For example, a list of dependencies might appear as:
	  <example compact="compact">
Package: mutt
Version: 1.3.17-1
Depends: libc6 (>= 2.2.1), exim | mail-transport-agent
	  </example>
	</p>

        <p>
	  Relationships may be restricted to a certain set of
	  architectures.  This is indicated in brackets after each
	  individual package name and the optional version specification.
	  The brackets enclose a non-empty list of Debian architecture names
	  in the format described in <ref id="arch-spec">,
	  separated by whitespace.  Exclamation marks may be prepended to
	  each of the names.  (It is not permitted for some names to be
	  prepended with exclamation marks while others aren't.)
	</p>

	<p>
	  For build relationship fields
	  (<tt>Build-Depends</tt>, <tt>Build-Depends-Indep</tt>,
	  <tt>Build-Conflicts</tt> and <tt>Build-Conflicts-Indep</tt>), if
	  the current Debian host architecture is not in this list and
	  there are no exclamation marks in the list, or it is in the list
	  with a prepended exclamation mark, the package name and the
	  associated version specification are ignored completely for the
	  purposes of defining the relationships.
	</p>

	<p>
	  For example:
	  <example compact="compact">
Source: glibc
Build-Depends-Indep: texinfo
Build-Depends: kernel-headers-2.2.10 [!hurd-i386],
  hurd-dev [hurd-i386], gnumach-dev [hurd-i386]
	  </example>
	  requires <tt>kernel-headers-2.2.10</tt> on all architectures
	  other than hurd-i386 and requires <tt>hurd-dev</tt> and
	  <tt>gnumach-dev</tt> only on hurd-i386.
	</p>

	<p>
	  For binary relationship fields and the <tt>Built-Using</tt>
	  field, the architecture restriction
	  syntax is only supported in the source package control
	  file <file>debian/control</file>.  When the corresponding binary
	  package control file is generated, the relationship will either
	  be omitted or included without the architecture restriction
	  based on the architecture of the binary package.  This means
	  that architecture restrictions must not be used in binary
	  relationship fields for architecture-independent packages
	  (<tt>Architecture: all</tt>).
	</p>

	<p>
	  For example:
	  <example compact="compact">
Depends: foo [i386], bar [amd64]
	  </example>
	  becomes <tt>Depends: foo</tt> when the package is built on
	  the <tt>i386</tt> architecture, <tt>Depends: bar</tt> when the
	  package is built on the <tt>amd64</tt> architecture, and omitted
	  entirely in binary packages built on all other architectures.
	</p>

	<p>
	  If the architecture-restricted dependency is part of a set of
	  alternatives using <tt>|</tt>, that alternative is ignored
	  completely on architectures that do not match the restriction.
	  For example:
	  <example compact="compact">
Build-Depends: foo [!i386] | bar [!amd64]
	  </example>
	  is equivalent to <tt>bar</tt> on the i386 architecture, to
	  <tt>foo</tt> on the amd64 architecture, and to <tt>foo |
	  bar</tt> on all other architectures.
	</p>

        <p>
	  Relationships may also be restricted to a certain set of
	  architectures using architecture wildcards in the format
	  described in <ref id="arch-wildcard-spec">.  The syntax for
	  declaring such restrictions is the same as declaring
	  restrictions using a certain set of architectures without
	  architecture wildcards.  For example:
          <example compact="compact">
Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
          </example>
	  is equivalent to <tt>foo</tt> on architectures using the Linux
	  kernel and any cpu, <tt>bar</tt> on architectures using any
	  kernel and an i386 cpu, and <tt>baz</tt> on any architecture
	  using a kernel other than Linux.
        </p>

	<p>
	  Note that the binary package relationship fields such as
	  <tt>Depends</tt> appear in one of the binary package
	  sections of the control file, whereas the build-time
	  relationships such as <tt>Build-Depends</tt> appear in the
	  source package section of the control file (which is the
	  first section).
	</p>
      </sect>

      <sect id="binarydeps">
        <heading>Binary Dependencies - <tt>Depends</tt>,
          <tt>Recommends</tt>, <tt>Suggests</tt>, <tt>Enhances</tt>,
          <tt>Pre-Depends</tt>
	</heading>

        <p>
          Packages can declare in their control file that they have
          certain relationships to other packages - for example, that
          they may not be installed at the same time as certain other
          packages, and/or that they depend on the presence of others.
        </p>

        <p>
          This is done using the <tt>Depends</tt>, <tt>Pre-Depends</tt>,
          <tt>Recommends</tt>, <tt>Suggests</tt>, <tt>Enhances</tt>,
          <tt>Breaks</tt> and <tt>Conflicts</tt> control fields.
          <tt>Breaks</tt> is described in <ref id="breaks">, and
          <tt>Conflicts</tt> is described in <ref id="conflicts">.  The
          rest are described below.
        </p>

	<p>
	  These seven fields are used to declare a dependency
	  relationship by one package on another.  Except for
	  <tt>Enhances</tt> and <tt>Breaks</tt>, they appear in the
	  depending (binary) package's control file.
	  (<tt>Enhances</tt> appears in the recommending package's
	  control file, and <tt>Breaks</tt> appears in the version of
	  depended-on package which causes the named package to
	  break).
	</p>

	<p>
	  A <tt>Depends</tt> field takes effect <em>only</em> when a
	  package is to be configured.  It does not prevent a package
	  being on the system in an unconfigured state while its
	  dependencies are unsatisfied, and it is possible to replace
	  a package whose dependencies are satisfied and which is
	  properly installed with a different version whose
	  dependencies are not and cannot be satisfied; when this is
	  done the depending package will be left unconfigured (since
	  attempts to configure it will give errors) and will not
	  function properly.  If it is necessary, a
	  <tt>Pre-Depends</tt> field can be used, which has a partial
	  effect even when a package is being unpacked, as explained
	  in detail below.  (The other three dependency fields,
	  <tt>Recommends</tt>, <tt>Suggests</tt> and
	  <tt>Enhances</tt>, are only used by the various front-ends
	  to <prgn>dpkg</prgn> such as <prgn>apt-get</prgn>,
	  <prgn>aptitude</prgn>, and <prgn>dselect</prgn>.)
	</p>

	<p>
	  Since <tt>Depends</tt> only places requirements on the order in
	  which packages are configured, packages in an installation run
	  are usually all unpacked first and all configured later.
	  <footnote>
	    This approach makes dependency resolution easier.  If two
	    packages A and B are being upgraded, the installed package A
	    depends on exactly the installed package B, and the new
	    package A depends on exactly the new package B (a common
	    situation when upgrading shared libraries and their
	    corresponding development packages), satisfying the
	    dependencies at every stage of the upgrade would be
	    impossible.  This relaxed restriction means that both new
	    packages can be unpacked together and then configured in their
	    dependency order.
	  </footnote>
	</p>

	<p>
	  If there is a circular dependency among packages being installed
	  or removed, installation or removal order honoring the
	  dependency order is impossible, requiring the dependency loop be
	  broken at some point and the dependency requirements violated
	  for at least one package.  Packages involved in circular
	  dependencies may not be able to rely on their dependencies being
	  configured before they themselves are configured, depending on
	  which side of the break of the circular dependency loop they
	  happen to be on.  If one of the packages in the loop has
	  no <prgn>postinst</prgn> script, then the cycle will be broken
	  at that package; this ensures that all <prgn>postinst</prgn>
	  scripts are run with their dependencies properly configured if
	  this is possible.  Otherwise the breaking point is arbitrary.
	  Packages should therefore avoid circular dependencies where
	  possible, particularly if they have <prgn>postinst</prgn>
	  scripts.
	</p>

	<p>
	  The meaning of the five dependency fields is as follows:
	  <taglist>
	    <tag><tt>Depends</tt></tag>
	    <item>
	      <p>
		This declares an absolute dependency.  A package will
		not be configured unless all of the packages listed in
		its <tt>Depends</tt> field have been correctly
		configured (unless there is a circular dependency as
		described above).
	      </p>

	      <p>
		The <tt>Depends</tt> field should be used if the
		depended-on package is required for the depending
		package to provide a significant amount of
		functionality.
	      </p>

	      <p>
		The <tt>Depends</tt> field should also be used if the
		<prgn>postinst</prgn> or <prgn>prerm</prgn> scripts
		require the depended-on package to be unpacked or
		configured in order to run.  In the case of <tt>postinst
		configure</tt>, the depended-on packages will be unpacked
		and configured first.  (If both packages are involved in a
		dependency loop, this might not work as expected; see the
		explanation a few paragraphs back.)  In the case
		of <prgn>prerm</prgn> or other <prgn>postinst</prgn>
		actions, the package dependencies will normally be at
		least unpacked, but they may be only "Half-Installed" if a
		previous upgrade of the dependency failed.
	      </p>

	      <p>
		Finally, the <tt>Depends</tt> field should be used if the
		depended-on package is needed by the <prgn>postrm</prgn>
		script to fully clean up after the package removal.  There
		is no guarantee that package dependencies will be
		available when <prgn>postrm</prgn> is run, but the
		depended-on package is more likely to be available if the
		package declares a dependency (particularly in the case
		of <tt>postrm remove</tt>).  The <prgn>postrm</prgn>
		script must gracefully skip actions that require a
		dependency if that dependency isn't available.
	      </p>
	    </item>

	    <tag><tt>Recommends</tt></tag>
	    <item>
	      <p>
		This declares a strong, but not absolute, dependency.
	      </p>

	      <p>
		The <tt>Recommends</tt> field should list packages
		that would be found together with this one in all but
		unusual installations.
	      </p>
	    </item>

	    <tag><tt>Suggests</tt></tag>
	    <item>
		This is used to declare that one package may be more
		useful with one or more others.  Using this field
		tells the packaging system and the user that the
		listed packages are related to this one and can
		perhaps enhance its usefulness, but that installing
		this one without them is perfectly reasonable.
	    </item>

	    <tag><tt>Enhances</tt></tag>
	    <item>
		This field is similar to Suggests but works in the
		opposite direction. It is used to declare that a
		package can enhance the functionality of another
		package.
	    </item>

	    <tag><tt>Pre-Depends</tt></tag>
	    <item>
	      <p>
		This field is like <tt>Depends</tt>, except that it
		also forces <prgn>dpkg</prgn> to complete installation
		of the packages named before even starting the
		installation of the package which declares the
		pre-dependency, as follows:
	      </p>

	      <p>
		When a package declaring a pre-dependency is about to
		be <em>unpacked</em> the pre-dependency can be
		satisfied if the depended-on package is either fully
		configured, <em>or even if</em> the depended-on
		package(s) are only in the "Unpacked" or the "Half-Configured"
		state, provided that they have been configured
		correctly at some point in the past (and not removed
		or partially removed since).  In this case, both the
		previously-configured and currently "Unpacked" or
		"Half-Configured" versions must satisfy any version
		clause in the <tt>Pre-Depends</tt> field.
	      </p>

	      <p>
		When the package declaring a pre-dependency is about to
		be <em>configured</em>, the pre-dependency will be treated
		as a normal <tt>Depends</tt>.  It will be considered
		satisfied only if the depended-on package has been
		correctly configured.  However, unlike
		with <tt>Depends</tt>, <tt>Pre-Depends</tt> does not
		permit circular dependencies to be broken.  If a circular
		dependency is encountered while attempting to honor
		<tt>Pre-Depends</tt>, the installation will be aborted.
	      </p>

	      <p>
		<tt>Pre-Depends</tt> are also required if the
		<prgn>preinst</prgn> script depends on the named package.
		It is best to avoid this situation if possible.
	      </p>

	      <p>
		<tt>Pre-Depends</tt> should be used sparingly,
		preferably only by packages whose premature upgrade or
		installation would hamper the ability of the system to
		continue with any upgrade that might be in progress.
	      </p>

	      <p>
		You should not specify a <tt>Pre-Depends</tt> entry for a
		package before this has been discussed on the
		<tt>debian-devel</tt> mailing list and a consensus about
		doing that has been reached.  See <ref id="dependencies">.
	      </p>
	    </item>
	  </taglist>
	</p>

	<p>
	  When selecting which level of dependency to use you should
	  consider how important the depended-on package is to the
	  functionality of the one declaring the dependency.  Some
	  packages are composed of components of varying degrees of
	  importance.  Such a package should list using
	  <tt>Depends</tt> the package(s) which are required by the
	  more important components.  The other components'
	  requirements may be mentioned as Suggestions or
	  Recommendations, as appropriate to the components' relative
	  importance.
	</p>
      </sect>

      <sect id="breaks">
	<heading>Packages which break other packages - <tt>Breaks</tt></heading>

	<p>
	  When one binary package declares that it breaks another,
	  <prgn>dpkg</prgn> will refuse to allow the package which
	  declares <tt>Breaks</tt> to be unpacked unless the broken
	  package is deconfigured first, and it will refuse to
	  allow the broken package to be reconfigured.
	</p>

	<p>
	  A package will not be regarded as causing breakage merely
	  because its configuration files are still installed; it must
	  be at least "Half-Installed".
	</p>

	<p>
	  A special exception is made for packages which declare that
	  they break their own package name or a virtual package which
	  they provide (see below): this does not count as a real
	  breakage.
	</p>

	<p>
	  Normally a <tt>Breaks</tt> entry will have an "earlier than"
	  version clause; such a <tt>Breaks</tt> is introduced in the
	  version of an (implicit or explicit) dependency which violates
	  an assumption or reveals a bug in earlier versions of the broken
	  package, or which takes over a file from earlier versions of the
	  package named in <tt>Breaks</tt>.  This use of <tt>Breaks</tt>
	  will inform higher-level package management tools that the
	  broken package must be upgraded before the new one.
	</p>

	<p>
	  If the breaking package also overwrites some files from the
	  older package, it should use <tt>Replaces</tt> to ensure this
	  goes smoothly.  See <ref id="replaces"> for a full discussion
	  of taking over files from other packages, including how to
	  use <tt>Breaks</tt> in those cases.
	</p>

	<p>
	  Many of the cases where <tt>Breaks</tt> should be used were
	  previously handled with <tt>Conflicts</tt>
	  because <tt>Breaks</tt> did not yet exist.
	  Many <tt>Conflicts</tt> fields should now be <tt>Breaks</tt>.
	  See <ref id="conflicts"> for more information about the
	  differences.
	</p>
      </sect>

      <sect id="conflicts">
	<heading>Conflicting binary packages - <tt>Conflicts</tt></heading>

	<p>
          When one binary package declares a conflict with another using
	  a <tt>Conflicts</tt> field, <prgn>dpkg</prgn> will refuse to
	  allow them to be unpacked on the system at the same time.  This
	  is a stronger restriction than <tt>Breaks</tt>, which prevents
	  the broken package from being configured while the breaking
	  package is in the "Unpacked" state but allows both packages to
	  be unpacked at the same time.
	</p>

	<p>
	  If one package is to be unpacked, the other must be removed
	  first.  If the package being unpacked is marked as replacing
	  (see <ref id="replaces">, but note that <tt>Breaks</tt> should
	  normally be used in this case) the one on the system, or the one
	  on the system is marked as deselected, or both packages are
	  marked <tt>Essential</tt>, then <prgn>dpkg</prgn> will
	  automatically remove the package which is causing the conflict.
	  Otherwise, it will halt the installation of the new package with
	  an error.  This mechanism is specifically designed to produce an
	  error when the installed package is <tt>Essential</tt>, but the
	  new package is not.
	</p>

	<p>
	  A package will not cause a conflict merely because its
	  configuration files are still installed; it must be at least
	  "Half-Installed".
	</p>

	<p>
	  A special exception is made for packages which declare a
	  conflict with their own package name, or with a virtual
	  package which they provide (see below): this does not
	  prevent their installation, and allows a package to conflict
	  with others providing a replacement for it.  You use this
	  feature when you want the package in question to be the only
	  package providing some feature.
	</p>

	<p>
	  Normally, <tt>Breaks</tt> should be used instead
	  of <tt>Conflicts</tt> since <tt>Conflicts</tt> imposes a
	  stronger restriction on the ordering of package installation or
	  upgrade and can make it more difficult for the package manager
	  to find a correct solution to an upgrade or installation
	  problem.  <tt>Breaks</tt> should be used
	  <list>
	    <item>when moving a file from one package to another (see
	      <ref id="replaces">),</item>
	    <item>when splitting a package (a special case of the previous
	      one), or</item>
	    <item>when the breaking package exposes a bug in or interacts
	      badly with particular versions of the broken
	      package.</item>
	  </list>
	  <tt>Conflicts</tt> should be used
	  <list>
	    <item>when two packages provide the same file and will
	      continue to do so,</item>
	    <item>in conjunction with <tt>Provides</tt> when only one
	      package providing a given virtual facility may be unpacked
	      at a time (see <ref id="virtual">),</item>
	    <item>in other cases where one must prevent simultaneous
	      installation of two packages for reasons that are ongoing
	      (not fixed in a later version of one of the packages) or
	      that must prevent both packages from being unpacked at the
	      same time, not just configured.</item>
	  </list>
	  Be aware that adding <tt>Conflicts</tt> is normally not the best
	  solution when two packages provide the same files.  Depending on
	  the reason for that conflict, using alternatives or renaming the
	  files is often a better approach.  See, for
	  example, <ref id="binaries">.
	</p>

	<p>
	  Neither <tt>Breaks</tt> nor <tt>Conflicts</tt> should be used
	  unless two packages cannot be installed at the same time or
	  installing them both causes one of them to be broken or
	  unusable.  Having similar functionality or performing the same
	  tasks as another package is not sufficient reason to
	  declare <tt>Breaks</tt> or <tt>Conflicts</tt> with that package.
	</p>

	<p>
	  A <tt>Conflicts</tt> entry may have an "earlier than" version
	  clause if the reason for the conflict is corrected in a later
	  version of one of the packages.  However, normally the presence
	  of an "earlier than" version clause is a sign
	  that <tt>Breaks</tt> should have been used instead.  An "earlier
	  than" version clause in <tt>Conflicts</tt>
	  prevents <prgn>dpkg</prgn> from upgrading or installing the
	  package which declares such a conflict until the upgrade or
	  removal of the conflicted-with package has been completed, which
	  is a strong restriction.
	</p>
      </sect>

      <sect id="virtual"><heading>Virtual packages - <tt>Provides</tt>
	</heading>

        <p>
	  As well as the names of actual ("concrete") packages, the
	  package relationship fields <tt>Depends</tt>,
	  <tt>Recommends</tt>, <tt>Suggests</tt>, <tt>Enhances</tt>,
	  <tt>Pre-Depends</tt>, <tt>Breaks</tt>, <tt>Conflicts</tt>,
	  <tt>Build-Depends</tt>, <tt>Build-Depends-Indep</tt>,
	  <tt>Build-Conflicts</tt> and <tt>Build-Conflicts-Indep</tt>
	  may mention "virtual packages".
	</p>

	<p>
	  A <em>virtual package</em> is one which appears in the
	  <tt>Provides</tt> control field of another package.  The effect
	  is as if the package(s) which provide a particular virtual
	  package name had been listed by name everywhere the virtual
	  package name appears. (See also <ref id="virtual_pkg">)
	</p>

	<p>
	  If there are both concrete and virtual packages of the same
	  name, then the dependency may be satisfied (or the conflict
	  caused) by either the concrete package with the name in
	  question or any other concrete package which provides the
	  virtual package with the name in question.  This is so that,
	  for example, supposing we have
	  <example compact="compact">
Package: foo
Depends: bar
	  </example> and someone else releases an enhanced version of
	  the <tt>bar</tt> package they can say:
	  <example compact="compact">
Package: bar-plus
Provides: bar
	  </example>
	  and the <tt>bar-plus</tt> package will now also satisfy the
	  dependency for the <tt>foo</tt> package.
	</p>

	<p>
	  If a relationship field has a version number attached, only real
	  packages will be considered to see whether the relationship is
	  satisfied (or the prohibition violated, for a conflict or
	  breakage).  In other words, if a version number is specified,
	  this is a request to ignore all <tt>Provides</tt> for that
	  package name and consider only real packages.  The package
	  manager will assume that a package providing that virtual
	  package is not of the "right" version.  A <tt>Provides</tt>
	  field may not contain version numbers, and the version number of
	  the concrete package which provides a particular virtual package
	  will not be considered when considering a dependency on or
	  conflict with the virtual package name.<footnote>
	    It is possible that a future release of <prgn>dpkg</prgn> may
	    add the ability to specify a version number for each virtual
	    package it provides.  This feature is not yet present,
	    however, and is expected to be used only infrequently.
	  </footnote>
	</p>

	<p>
	  To specify which of a set of real packages should be the default
	  to satisfy a particular dependency on a virtual package, list
	  the real package as an alternative before the virtual one.
	</p>

	<p>
	  If the virtual package represents a facility that can only be
	  provided by one real package at a time, such as
	  the <package>mail-transport-agent</package> virtual package that
	  requires installation of a binary that would conflict with all
	  other providers of that virtual package (see
	  <ref id="mail-transport-agents">), all packages providing that
	  virtual package should also declare a conflict with it
	  using <tt>Conflicts</tt>.  This will ensure that at most one
	  provider of that virtual package is unpacked or installed at a
	  time.
	</p>
      </sect>

      <sect id="replaces"><heading>Overwriting files and replacing
	  packages - <tt>Replaces</tt></heading>

	<p>
          Packages can declare in their control file that they should
          overwrite files in certain other packages, or completely replace
          other packages. The <tt>Replaces</tt> control field has these
          two distinct purposes.
	</p>

	<sect1><heading>Overwriting files in other packages</heading>

	  <p>
	    It is usually an error for a package to contain files which
	    are on the system in another package.  However, if the
	    overwriting package declares that it <tt>Replaces</tt> the one
	    containing the file being overwritten, then <prgn>dpkg</prgn>
	    will replace the file from the old package with that from the
	    new.  The file will no longer be listed as "owned" by the old
	    package and will be taken over by the new package.
	    Normally, <tt>Breaks</tt> should be used in conjunction
	    with <tt>Replaces</tt>.<footnote>
	      To see why <tt>Breaks</tt> is normally needed in addition
	      to <tt>Replaces</tt>, consider the case of a file in the
	      package <package>foo</package> being taken over by the
	      package <package>foo-data</package>.
	      <tt>Replaces</tt> will allow <package>foo-data</package> to
	      be installed and take over that file.  However,
	      without <tt>Breaks</tt>, nothing
	      requires <package>foo</package> to be upgraded to a newer
	      version that knows it does not include that file and instead
	      depends on <package>foo-data</package>.  Nothing would
	      prevent the new <package>foo-data</package> package from
	      being installed and then removed, removing the file that it
	      took over from <package>foo</package>.  After that
	      operation, the package manager would think the system was in
	      a consistent state, but the <package>foo</package> package
	      would be missing one of its files.
	    </footnote>
	  </p>

	  <p>
	    For example, if a package <package>foo</package> is split
	    into <package>foo</package> and <package>foo-data</package>
	    starting at version 1.2-3, <package>foo-data</package> would
	    have the fields
	    <example compact="compact">
Replaces: foo (&lt;&lt; 1.2-3)
Breaks: foo (&lt;&lt; 1.2-3)
	    </example>
	    in its control file.  The new version of the
	    package <package>foo</package> would normally have the field
	    <example compact="compact">
Depends: foo-data (&gt;= 1.2-3)
	    </example>
	    (or possibly <tt>Recommends</tt> or even <tt>Suggests</tt> if
	    the files moved into <package>foo-data</package> are not
	    required for normal operation).
	  </p>

	  <p>
	    If a package is completely replaced in this way, so that
	    <prgn>dpkg</prgn> does not know of any files it still
	    contains, it is considered to have "disappeared".  It will
	    be marked as not wanted on the system (selected for
	    removal) and "Not-Installed".  Any <tt>conffile</tt>s
	    details noted for the package will be ignored, as they
	    will have been taken over by the overwriting package.  The
	    package's <prgn>postrm</prgn> script will be run with a
	    special argument to allow the package to do any final
	    cleanup required.  See <ref id="mscriptsinstact">.
	    <footnote>
	      Replaces is a one way relationship.  You have to install
	      the replacing package after the replaced package.
	    </footnote>
	  </p>

	  <p>
	    For this usage of <tt>Replaces</tt>, virtual packages (see
	    <ref id="virtual">) are not considered when looking at a
	    <tt>Replaces</tt> field.  The packages declared as being
	    replaced must be mentioned by their real names.
	  </p>

	  <p>
	    This usage of <tt>Replaces</tt> only takes effect when both
	    packages are at least partially on the system at once.  It is
	    not relevant if the packages conflict unless the conflict has
	    been overridden.
	  </p>
	</sect1>

	<sect1><heading>Replacing whole packages, forcing their
	    removal</heading>

	  <p>
	    Second, <tt>Replaces</tt> allows the packaging system to
	    resolve which package should be removed when there is a
	    conflict (see <ref id="conflicts">).  This usage only takes
	    effect when the two packages <em>do</em> conflict, so that the
	    two usages of this field do not interfere with each other.
	  </p>

	  <p>
	    In this situation, the package declared as being replaced
	    can be a virtual package, so for example, all mail
	    transport agents (MTAs) would have the following fields in
	    their control files:
	    <example compact="compact">
Provides: mail-transport-agent
Conflicts: mail-transport-agent
Replaces: mail-transport-agent
	    </example>
	    ensuring that only one MTA can be unpacked at any one
	    time.  See <ref id="virtual"> for more information about this
	    example.
	</sect1>
      </sect>

      <sect id="sourcebinarydeps">
	<heading>Relationships between source and binary packages -
	  <tt>Build-Depends</tt>, <tt>Build-Depends-Indep</tt>,
	  <tt>Build-Conflicts</tt>, <tt>Build-Conflicts-Indep</tt>
	</heading>

	<p>
          Source packages that require certain binary packages to be
          installed or absent at the time of building the package
          can declare relationships to those binary packages.
        </p>

        <p>
          This is done using the <tt>Build-Depends</tt>,
          <tt>Build-Depends-Indep</tt>, <tt>Build-Conflicts</tt> and
          <tt>Build-Conflicts-Indep</tt> control fields.
        </p>

        <p>
          Build-dependencies on "build-essential" binary packages can be
          omitted. Please see <ref id="pkg-relations"> for more information.
	</p>

	<p>
          The dependencies and conflicts they define must be satisfied
          (as defined earlier for binary packages) in order to invoke
          the targets in <tt>debian/rules</tt>, as follows:<footnote>
	    <p>
	      There is no Build-Depends-Arch; this role is essentially
	      met with Build-Depends.  Anyone building the
	      <tt>build-indep</tt> and <tt>binary-indep</tt> targets is
	      assumed to be building the whole package, and therefore
	      installation of all build dependencies is required.
	    </p>
	    <p>
	      The autobuilders use <tt>dpkg-buildpackage -B</tt>, which
	      calls <tt>build</tt>, not <tt>build-arch</tt> since it does
	      not yet know how to check for its existence, and
	      <tt>binary-arch</tt>.  The purpose of the original split
	      between <tt>Build-Depends</tt> and
	      <tt>Build-Depends-Indep</tt> was so that the autobuilders
	      wouldn't need to install extra packages needed only for the
	      binary-indep targets.  But without a build-arch/build-indep
	      split, this didn't work, since most of the work is done in
	      the build target, not in the binary target.
	    </p>
	  </footnote>
	  <taglist>
	    <tag><tt>clean</tt>, <tt>build-arch</tt>, and
	      <tt>binary-arch</tt></tag>
	    <item>
	      Only the <tt>Build-Depends</tt> and <tt>Build-Conflicts</tt>
	      fields must be satisfied when these targets are invoked.
	    </item>
	    <tag><tt>build</tt>, <tt>build-indep</tt>, <tt>binary</tt>,
	      and <tt>binary-indep</tt></tag>
	    <item>
	      The <tt>Build-Depends</tt>, <tt>Build-Conflicts</tt>,
	      <tt>Build-Depends-Indep</tt>, and
	      <tt>Build-Conflicts-Indep</tt> fields must be satisfied when
	      these targets are invoked.
	    </item>
	  </taglist>
	</p>
      </sect>

      <sect id="built-using">
	<heading>Additional source packages used to build the binary
	  - <tt>Built-Using</tt>
	</heading>

	<p>
	  Some binary packages incorporate parts of other packages when built
	  but do not have to depend on those packages.  Examples include
	  linking with static libraries or incorporating source code from
	  another package during the build.  In this case, the source packages
	  of those other packages are a required part of the complete source
	  (the binary package is not reproducible without them).
	</p>

	<p>
	  A <tt>Built-Using</tt> field must list the corresponding source
	  package for any such binary package incorporated during the build
	  <footnote>
	    <tt>Build-Depends</tt> in the source package is not adequate since
	    it (rightfully) does not document the exact version used in the
	    build.
	  </footnote>,
	  including an "exactly equal" ("=") version relation on the version
	  that was used to build that binary package<footnote>
	    The archive software might reject packages that refer to
	    non-existent sources.
	  </footnote>.
	</p>

	<p>
	  A package using the source code from the gcc-4.6-source
	  binary package built from the gcc-4.6 source package would
	  have this field in its control file:
	  <example compact="compact">
Built-Using: gcc-4.6 (= 4.6.0-11)
	  </example>
	</p>

	<p>
	  A package including binaries from grub2 and loadlin would
	  have this field in its control file:
	  <example compact="compact">
Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
	  </example>
	</p>
      </sect>
    </chapt>


    <chapt id="sharedlibs"><heading>Shared libraries</heading>

      <p>
	Packages containing shared libraries must be constructed with
	a little care to make sure that the shared library is always
	available.  This is especially important for packages whose
	shared libraries are vitally important, such as the C library
	(currently <tt>libc6</tt>).
      </p>

      <p>
	This section deals only with public shared libraries: shared
	libraries that are placed in directories searched by the dynamic
	linker by default or which are intended to be linked against
	normally and possibly used by other, independent packages.  Shared
	libraries that are internal to a particular package or that are
	only loaded as dynamic modules are not covered by this section and
	are not subject to its requirements.
      </p>

      <p>
	A shared library is identified by the <tt>SONAME</tt> attribute
	stored in its dynamic section.  When a binary is linked against a
	shared library, the <tt>SONAME</tt> of the shared library is
	recorded in the binary's <tt>NEEDED</tt> section so that the
	dynamic linker knows that library must be loaded at runtime.  The
	shared library file's full name (which usually contains additional
	version information not needed in the <tt>SONAME</tt>) is
	therefore normally not referenced directly.  Instead, the shared
	library is loaded by its <tt>SONAME</tt>, which exists on the file
	system as a symlink pointing to the full name of the shared
	library.  This symlink must be provided by the
	package.  <ref id="sharedlibs-runtime"> describes how to do this.
	<footnote>
	  This is a convention of shared library versioning, but not a
	  requirement.  Some libraries use the <tt>SONAME</tt> as the full
	  library file name instead and therefore do not need a symlink.
	  Most, however, encode additional information about
	  backwards-compatible revisions as a minor version number in the
	  file name.  The <tt>SONAME</tt> itself only changes when
	  binaries linked with the earlier version of the shared library
	  may no longer work, but the filename may change with each
	  release of the library.  See <ref id="sharedlibs-runtime"> for
	  more information.
	</footnote>
      </p>

      <p>
	When linking a binary or another shared library against a shared
	library, the <tt>SONAME</tt> for that shared library is not yet
	known.  Instead, the shared library is found by looking for a file
	matching the library name with <tt>.so</tt> appended.  This file
	exists on the file system as a symlink pointing to the shared
	library.
      </p>

      <p>
	Shared libraries are normally split into several binary packages.
	The <tt>SONAME</tt> symlink is installed by the runtime shared
	library package, and the bare <tt>.so</tt> symlink is installed in
	the development package since it's only used when linking binaries
	or shared libraries.  However, there are some exceptions for
	unusual shared libraries or for shared libraries that are also
	loaded as dynamic modules by other programs.
      </p>

      <p>
	This section is primarily concerned with how the separation of
	shared libraries into multiple packages should be done and how
	dependencies on and between shared library binary packages are
	managed in Debian.  <ref id="libraries"> should be read in
	conjunction with this section and contains additional rules for
	the files contained in the shared library packages.
      </p>

      <sect id="sharedlibs-runtime">
	<heading>Run-time shared libraries</heading>

	<p>
	  The run-time shared library must be placed in a package
	  whose name changes whenever the <tt>SONAME</tt> of the shared
	  library changes.  This allows several versions of the shared
	  library to be installed at the same time, allowing installation
	  of the new version of the shared library without immediately
	  breaking binaries that depend on the old version.  Normally, the
	  run-time shared library and its <tt>SONAME</tt> symlink should
	  be placed in a package named
	  <package><var>libraryname</var><var>soversion</var></package>,
	  where <var>soversion</var> is the version number in
	  the <tt>SONAME</tt> of the shared library.  Alternatively, if it
	  would be confusing to directly append <var>soversion</var>
	  to <var>libraryname</var> (if, for
	  example, <var>libraryname</var> itself ends in a number), you
	  should use
	  <package><var>libraryname</var>-<var>soversion</var></package>
	  instead.
	</p>

	<p>
	  To determine the <var>soversion</var>, look at
	  the <tt>SONAME</tt> of the library, stored in the
	  ELF <tt>SONAME</tt> attribute.  It is usually of the
	  form <tt><var>name</var>.so.<var>major-version</var></tt> (for
	  example, <tt>libz.so.1</tt>).  The version part is the part
	  which comes after <tt>.so.</tt>, so in that example it
	  is <tt>1</tt>.  The soname may instead be of the
	  form <tt><var>name</var>-<var>major-version</var>.so</tt>, such
	  as <tt>libdb-5.1.so</tt>, in which case the name would
	  be <tt>libdb</tt> and the version would be <tt>5.1</tt>.
	</p>

	<p>
	  If you have several shared libraries built from the same source
	  tree, you may lump them all together into a single shared
	  library package provided that all of their <tt>SONAME</tt>s will
	  always change together.  Be aware that this is not normally the
	  case, and if the <tt>SONAME</tt>s do not change together,
	  upgrading such a merged shared library package will be
	  unnecessarily difficult because of file conflicts with the old
	  version of the package.  When in doubt, always split shared
	  library packages so that each binary package installs a single
	  shared library.
	</p>

	<p>
	  Every time the shared library ABI changes in a way that may
	  break binaries linked against older versions of the shared
	  library, the <tt>SONAME</tt> of the library and the
	  corresponding name for the binary package containing the runtime
	  shared library should change.  Normally, this means
	  the <tt>SONAME</tt> should change any time an interface is
	  removed from the shared library or the signature of an interface
	  (the number of parameters or the types of parameters that it
	  takes, for example) is changed.  This practice is vital to
	  allowing clean upgrades from older versions of the package and
	  clean transitions between the old ABI and new ABI without having
	  to upgrade every affected package simultaneously.
	</p>

	<p>
	  The <tt>SONAME</tt> and binary package name need not, and indeed
	  normally should not, change if new interfaces are added but none
	  are removed or changed, since this will not break binaries
	  linked against the old shared library.  Correct versioning of
	  dependencies on the newer shared library by binaries that use
	  the new interfaces is handled via
	  the <qref id="sharedlibs-depends"><tt>symbols</tt>
	  or <tt>shlibs</tt> system</qref>.
	</p>

      <p>
	The package should install the shared libraries under
	their normal names.  For example, the <package>libgdbm3</package>
	package should install <file>libgdbm.so.3.0.0</file> as
	<file>/usr/lib/libgdbm.so.3.0.0</file>.  The files should not be
	renamed or re-linked by any <prgn>prerm</prgn> or
	<prgn>postrm</prgn> scripts; <prgn>dpkg</prgn> will take care
	of renaming things safely without affecting running programs,
	and attempts to interfere with this are likely to lead to
	problems.
      </p>

      <p>
	Shared libraries should not be installed executable, since
	the dynamic linker does not require this and trying to
	execute a shared library usually results in a core dump.
      </p>

      <p>
	The run-time library package should include the symbolic link for
	the <tt>SONAME</tt> that <prgn>ldconfig</prgn> would create for
	the shared libraries.  For example,
	the <package>libgdbm3</package> package should include a symbolic
	link from <file>/usr/lib/libgdbm.so.3</file> to
	<file>libgdbm.so.3.0.0</file>.  This is needed so that the dynamic
	linker (for example <prgn>ld.so</prgn> or
	<prgn>ld-linux.so.*</prgn>) can find the library between the
	time that <prgn>dpkg</prgn> installs it and the time that
	<prgn>ldconfig</prgn> is run in the <prgn>postinst</prgn>
	script.<footnote>
	    The package management system requires the library to be
	    placed before the symbolic link pointing to it in the
	    <file>.deb</file> file.  This is so that when
	    <prgn>dpkg</prgn> comes to install the symlink
	    (overwriting the previous symlink pointing at an older
	    version of the library), the new shared library is already
	    in place.  In the past, this was achieved by creating the
	    library in the temporary packaging directory before
	    creating the symlink.  Unfortunately, this was not always
	    effective, since the building of the tar file in the
	    <file>.deb</file> depended on the behavior of the underlying
	    file system.  Some file systems (such as reiserfs) reorder
	    the files so that the order of creation is forgotten.
	    Since version 1.7.0, <prgn>dpkg</prgn>
	    reorders the files itself as necessary when building a
	    package.  Thus it is no longer important to concern
	    oneself with the order of file creation.
	</footnote>
      </p>

	<sect1 id="ldconfig">
	  <heading><tt>ldconfig</tt></heading>

	<p>
	  Any package installing shared libraries in one of the default
	  library directories of the dynamic linker (which are currently
	  <file>/usr/lib</file> and <file>/lib</file>) or a directory that is
	  listed in <file>/etc/ld.so.conf</file><footnote>
	    These are currently <file>/usr/local/lib</file> plus
	    directories under <file>/lib</file> and <file>/usr/lib</file>
	    matching the multiarch triplet for the system architecture.
	  </footnote>
	  must use <prgn>ldconfig</prgn> to update the shared library
	  system.
	</p>

	<p>
            The package maintainer scripts must only call
            <prgn>ldconfig</prgn> under these circumstances:
            <list compact="compact">
              <item>When the <prgn>postinst</prgn> script is run with a
                  first argument of <tt>configure</tt>, the script must call
                  <prgn>ldconfig</prgn>, and may optionally invoke
                  <prgn>ldconfig</prgn> at other times.
              </item>
              <item>When the <prgn>postrm</prgn> script is run with a
                  first argument of <tt>remove</tt>, the script should call
                  <prgn>ldconfig</prgn>.
              </item>
            </list>
         <footnote>
	    <p>
	      During install or upgrade, the preinst is called before
	      the new files are unpacked, so calling "ldconfig" is
	      pointless.  The preinst of an existing package can also be
	      called if an upgrade fails.  However, this happens during
	      the critical time when a shared libs may exist on-disk
	      under a temporary name.  Thus, it is dangerous and
	      forbidden by current policy to call "ldconfig" at this
	      time.
	    </p>

	    <p>
	      When a package is installed or upgraded, "postinst
	      configure" runs after the new files are safely on-disk.
	      Since it is perfectly safe to invoke ldconfig
	      unconditionally in a postinst, it is OK for a package to
	      simply put ldconfig in its postinst without checking the
	      argument.  The postinst can also be called to recover from
	      a failed upgrade.  This happens before any new files are
	      unpacked, so there is no reason to call "ldconfig" at this
	      point.
	    </p>

	    <p>
	      For a package that is being removed, prerm is
	      called with all the files intact, so calling ldconfig is
	      useless.  The other calls to "prerm" happen in the case of
	      upgrade at a time when all the files of the old package
	      are on-disk, so again calling "ldconfig" is pointless.
	    </p>

	    <p>
	      postrm, on the other hand, is called with the "remove"
	      argument just after the files are removed, so this is
	      the proper time to call "ldconfig" to notify the system
	      of the fact that the shared libraries from the package
	      are removed.  The postrm can be called at several other
	      times.  At the time of "postrm purge", "postrm
	      abort-install", or "postrm abort-upgrade", calling
	      "ldconfig" is useless because the shared lib files are
	      not on-disk.  However, when "postrm" is invoked with
	      arguments "upgrade", "failed-upgrade", or "disappear", a
	      shared lib may exist on-disk under a temporary filename.
	    </p>
	  </footnote>
	</p>
	</sect1>

      </sect>

      <sect id="sharedlibs-support-files">
	<heading>Shared library support files</heading>

	<p>
	  If your package contains files whose names do not change with
	  each change in the library shared object version, you must not
	  put them in the shared library package.  Otherwise, several
	  versions of the shared library cannot be installed at the same
	  time without filename clashes, making upgrades and transitions
	  unnecessarily difficult.
	</p>

	<p>
	  It is recommended that supporting files and run-time support
	  programs that do not need to be invoked manually by users, but
	  are nevertheless required for the package to function, be placed
	  (if they are binary) in a subdirectory of <file>/usr/lib</file>,
	  preferably under <file>/usr/lib/</file><var>package-name</var>.
	  If the program or file is architecture independent, the
	  recommendation is for it to be placed in a subdirectory of
	  <file>/usr/share</file> instead, preferably under
	  <file>/usr/share/</file><var>package-name</var>.  Following the
	  <var>package-name</var> naming convention ensures that the file
	  names change when the shared object version changes.
	</p>

	<p>
	  Run-time support programs that use the shared library but are
	  not required for the library to function or files used by the
	  shared library that can be used by any version of the shared
	  library package should instead be put in a separate package.
	  This package might typically be named
	  <package><var>libraryname</var>-tools</package>; note the
	  absence of the <var>soversion</var> in the package name.
	</p>

	<p>
	  Files and support programs only useful when compiling software
	  against the library should be included in the development
	  package for the library.<footnote>
	    For example, a <file><var>package-name</var>-config</file>
	    script or <package>pkg-config</package> configuration files.
	  </footnote>
	</p>
      </sect>

      <sect id="sharedlibs-static">
	<heading>Static libraries</heading>

      <p>
	The static library (<file><var>libraryname.a</var></file>)
	is usually provided in addition to the shared version.
	It is placed into the development package (see below).
      </p>

      <p>
	In some cases, it is acceptable for a library to be
	available in static form only; these cases include:
	<list>
	  <item>libraries for languages whose shared library support
		is immature or unstable</item>
	  <item>libraries whose interfaces are in flux or under
		development (commonly the case when the library's
		major version number is zero, or where the ABI breaks
		across patchlevels)</item>
	  <item>libraries which are explicitly intended to be
		available only in static form by their upstream
		author(s)</item>
	</list>
      </p>

      <sect id="sharedlibs-dev">
	<heading>Development files</heading>

      <p>
	If there are development files associated with a shared library,
	the source package needs to generate a binary development package
	named <package><var>libraryname</var><var>soversion</var>-dev</package>,
	or if you prefer only to support one development version at a
	time, <package><var>libraryname</var>-dev</package>.  Installing
	the development package must result in installation of all the
	development files necessary for compiling programs against that
	shared library.<footnote>
	  This wording allows the development files to be split into
	  several packages, such as a separate architecture-independent
	  <package><var>libraryname</var>-headers</package>, provided that
	  the development package depends on all the required additional
	  packages.
	</footnote>
      </p>

      <p>
	In case several development versions of a library exist, you may
	need to use <prgn>dpkg</prgn>'s Conflicts mechanism (see
	<ref id="conflicts">) to ensure that the user only installs one
	development version at a time (as different development versions are
	likely to have the same header files in them, which would cause a
	filename clash if both were unpacked).
      </p>

      <p>
	The development package should contain a symlink for the associated
	shared library without a version number. For example, the
	<package>libgdbm-dev</package> package should include a symlink
	from <file>/usr/lib/libgdbm.so</file> to
	<file>libgdbm.so.3.0.0</file>.  This symlink is needed by the linker
	(<prgn>ld</prgn>) when compiling packages, as it will only look for
	<file>libgdbm.so</file> when compiling dynamically.
      </p>

      <p>
	If the package provides Ada Library Information
	(<file>*.ali</file>) files for use with GNAT, these files must be
	installed read-only (mode 0444) so that GNAT will not attempt to
	recompile them.  This overrides the normal file mode requirements
	given in <ref id="permissions-owners">.
      </p>
      </sect>

      <sect id="sharedlibs-intradeps">
	<heading>Dependencies between the packages of the same library</heading>

	<p>
	  Typically the development version should have an exact
	  version dependency on the runtime library, to make sure that
	  compilation and linking happens correctly.  The
	  <tt>${binary:Version}</tt> substitution variable can be
	  useful for this purpose.
          <footnote>
            Previously, <tt>${Source-Version}</tt> was used, but its name
            was confusing and it has been deprecated since dpkg 1.13.19.
          </footnote>
	</p>
      </sect>

      <sect id="sharedlibs-depends">
	<heading>Dependencies between the library and other
	  packages</heading>

	<p>
	  If a package contains a binary or library which links to a
	  shared library, we must ensure that, when the package is
	  installed on the system, all of the libraries needed are also
	  installed.  These dependencies must be added to the binary
	  package when it is built, since they may change based on which
	  version of a shared library the binary or library was linked
	  with even if there are no changes to the source of the binary
	  (for example, symbol versions change, macros become functions or
	  vice versa, or the binary package may determine at compile-time
	  whether new library interfaces are available and can be called).
	  To allow these dependencies to be constructed, shared libraries
	  must provide either a <file>symbols</file> file or
	  a <file>shlibs</file> file.  These provide information on the
	  package dependencies required to ensure the presence of
	  interfaces provided by this library.  Any package with binaries
	  or libraries linking to a shared library must use these files to
	  determine the required dependencies when it is built.  Other
	  packages which use a shared library (for example using
	  <tt>dlopen()</tt>) should compute appropriate dependencies
	  using these files at build time as well.
	</p>

	<p>
	  The two mechanisms differ in the degree of detail that they
	  provide.  A <file>symbols</file> file documents, for each symbol
	  exported by a library, the minimal version of the package any
	  binary using this symbol will need.  This is typically the
	  version of the package in which the symbol was introduced.  This
	  information permits detailed analysis of the symbols used by a
	  particular package and construction of an accurate dependency,
	  but it requires the package maintainer to track more information
	  about the shared library.
	</p>

	<p>
	  A <file>shlibs</file> file, in contrast, only documents the last
	  time the library ABI changed in any way.  It only provides
	  information about the library as a whole, not individual
	  symbols.  When a package is built using a shared library with
	  only a <file>shlibs</file> file, the generated dependency will
	  require a version of the shared library equal to or newer than
	  the version of the last ABI change.  This generates
	  unnecessarily restrictive dependencies compared
	  to <file>symbols</file> files if none of the symbols used by the
	  package have changed.  This, in turn, may make upgrades
	  needlessly complex and unnecessarily restrict use of the package
	  on systems with older versions of the shared libraries.
	</p>

	<p>
	  <file>shlibs</file> files also only support a limited range of
	  library SONAMEs, making it difficult to use <file>shlibs</file>
	  files in some unusual corner cases.<footnote>
	    A <file>shlibs</file> file represents an SONAME as a library
	    name and version number, such as <tt>libfoo VERSION</tt>,
	    instead of recording the actual SONAME.  If the SONAME doesn't
	    match one of the two expected formats
	    (<tt>libfoo-VERSION.so</tt> or <tt>libfoo.so.VERSION</tt>), it
	    cannot be represented.
	  </footnote>
	</p>

	<p>
	  <file>symbols</file> files are therefore recommended for most
	  shared library packages since they provide more accurate
	  dependencies.  For most C libraries, the additional detail
	  required by <file>symbols</file> files is not too difficult to
	  maintain.  However, maintaining exhaustive symbols information
	  for a C++ library can be quite onerous, so <file>shlibs</file>
	  files may be more appropriate for most C++ libraries.  Libraries
	  with a corresponding udeb must also provide
	  a <file>shlibs</file> file, since the udeb infrastructure does
	  not use <file>symbols</file> files.
	</p>

	<sect1 id="dpkg-shlibdeps">
	  <heading>Generating dependencies on shared libraries</heading>

	  <p>
	    When a package that contains any shared libraries or compiled
	    binaries is built, it must run <prgn>dpkg-shlibdeps</prgn> on
	    each shared library and compiled binary to determine the
	    libraries used and hence the dependencies needed by the
	    package.<footnote>
	      <prgn>dpkg-shlibdeps</prgn> will use a program
	      like <prgn>objdump</prgn> or <prgn>readelf</prgn> to find
	      the libraries and the symbols in those libraries directly
	      needed by the binaries or shared libraries in the package.
	    </footnote>
	    To do this, put a call to <prgn>dpkg-shlibdeps</prgn> into
	    your <file>debian/rules</file> file in the source package.
	    List all of the compiled binaries, libraries, or loadable
	    modules in your package.<footnote>
	      The easiest way to call <prgn>dpkg-shlibdeps</prgn>
	      correctly is to use a package helper framework such
	      as <package>debhelper</package>.  If you are
	      using <package>debhelper</package>,
	      the <prgn>dh_shlibdeps</prgn> program will do this work for
	      you.  It will also correctly handle multi-binary packages.
	    </footnote>
	    <prgn>dpkg-shlibdeps</prgn> will use the <file>symbols</file>
	    or <file>shlibs</file> files installed by the shared libraries
	    to generate dependency information.  The package must then
	    provide a substitution variable into which the discovered
	    dependency information can be placed.
	  </p>

	  <p>
	    If you are creating a udeb for use in the Debian Installer,
	    you will need to specify that <prgn>dpkg-shlibdeps</prgn>
	    should use the dependency line of type <tt>udeb</tt> by adding
	    the <tt>-tudeb</tt> option<footnote>
	      <prgn>dh_shlibdeps</prgn> from the <tt>debhelper</tt> suite
	      will automatically add this option if it knows it is
	      processing a udeb.
	    </footnote>. If there is no dependency line of
	    type <tt>udeb</tt> in the <file>shlibs</file>
	    file, <prgn>dpkg-shlibdeps</prgn> will fall back to the
	    regular dependency line.
	  </p>

	  <p>
	    <prgn>dpkg-shlibdeps</prgn> puts the dependency information
	    into the <file>debian/substvars</file> file by default, which
	    is then used by <prgn>dpkg-gencontrol</prgn>.  You will need
	    to place a <tt>${shlibs:Depends}</tt> variable in
	    the <tt>Depends</tt> field in the control file of every binary
	    package built by this source package that contains compiled
	    binaries, libraries, or loadable modules.  If you have
	    multiple binary packages, you will need to
	    call <prgn>dpkg-shlibdeps</prgn> on each one which contains
	    compiled libraries or binaries.  For example, you could use
	    the <tt>-T</tt> option to the <tt>dpkg</tt> utilities to
	    specify a different <file>substvars</file> file for each
	    binary package.<footnote>
	      Again, <prgn>dh_shlibdeps</prgn>
	      and <prgn>dh_gencontrol</prgn> will handle everything except
	      the addition of the variable to the control file for you if
	      you're using <package>debhelper</package>, including
	      generating separate <file>substvars</file> files for each
	      binary package and calling <prgn>dpkg-gencontrol</prgn> with
	      the appropriate flags.
	    </footnote>
	  </p>

	  <p>
	    For more details on <prgn>dpkg-shlibdeps</prgn>,
	    see <manref name="dpkg-shlibdeps" section="1">.
	  </p>

	  <p>
	    We say that a binary <tt>foo</tt> <em>directly</em> uses a
	    library <tt>libbar</tt> if it is explicitly linked with that
	    library (that is, the library is listed in the
	    ELF <tt>NEEDED</tt> attribute, caused by adding <tt>-lbar</tt>
	    to the link line when the binary is created).  Other libraries
	    that are needed by <tt>libbar</tt> are
	    linked <em>indirectly</em> to <tt>foo</tt>, and the dynamic
	    linker will load them automatically when it
	    loads <tt>libbar</tt>.  A package should depend on the
	    libraries it directly uses, but not the libraries it only uses
	    indirectly.  The dependencies for the libraries used
	    directly will automatically pull in the indirectly-used
	    libraries.  <prgn>dpkg-shlibdeps</prgn> will handle this logic
	    automatically, but package maintainers need to be aware of
	    this distinction between directly and indirectly using a
	    library if they have to override its results for some reason.
	    <footnote>
	      A good example of where this helps is the following.  We
	      could update <tt>libimlib</tt> with a new version that
	      supports a new revision of a graphics format called dgf (but
	      retaining the same major version number) and depends on a
	      new library package <package>libdgf4</package> instead of
	      the older <package>libdgf3</package>.  If we
	      used <prgn>ldd</prgn> to add dependencies for every library
	      directly or indirectly linked with a binary, every package
	      that uses <tt>libimlib</tt> would need to be recompiled so
	      it would also depend on <package>libdgf4</package> in order
	      to retire the older <package>libdgf3</package> package.
	      Since dependencies are only added based on
	      ELF <tt>NEEDED</tt> attribute, packages
	      using <tt>libimlib</tt> can rely on <tt>libimlib</tt> itself
	      having the dependency on an appropriate version
	      of <tt>libdgf</tt> and do not need rebuilding.
	    </footnote>
	  </p>
	</sect1>

	<sect1 id="sharedlibs-updates">
	  <heading>Shared library ABI changes</heading>

	  <p>
	    Maintaining a shared library package using
	    either <file>symbols</file> or <file>shlibs</file> files
	    requires being aware of the exposed ABI of the shared library
	    and any changes to it.  Both <file>symbols</file>
	    and <file>shlibs</file> files record every change to the ABI
	    of the shared library; <file>symbols</file> files do so per
	    public symbol, whereas <file>shlibs</file> files record only
	    the last change for the entire library.
	  </p>

	  <p>
	    There are two types of ABI changes: ones that are
	    backward-compatible and ones that are not.  An ABI change is
	    backward-compatible if any reasonable program or library that
	    was linked with the previous version of the shared library
	    will still work correctly with the new version of the shared
	    library.<footnote>
	      An example of an "unreasonable" program is one that uses
	      library interfaces that are documented as internal and
	      unsupported.  If the only programs or libraries affected by
	      a change are "unreasonable" ones, other techniques, such as
	      declaring <tt>Breaks</tt> relationships with affected
	      packages or treating their usage of the library as bugs in
	      those packages, may be appropriate instead of changing the
	      SONAME.  However, the default approach is to change the
	      SONAME for any change to the ABI that could break a program.
	    </footnote>
	    Adding new symbols to the shared library is a
	    backward-compatible change.  Removing symbols from the shared
	    library is not.  Changing the behavior of a symbol may or may
	    not be backward-compatible depending on the change; for
	    example, changing a function to accept a new enum constant not
	    previously used by the library is generally
	    backward-compatible, but changing the members of a struct that
	    is passed into library functions is generally not unless the
	    library takes special precautions to accept old versions of
	    the data structure.
	  </p>

	  <p>
	    ABI changes that are not backward-compatible normally require
	    changing the <tt>SONAME</tt> of the library and therefore the
	    shared library package name, which forces rebuilding all
	    packages using that shared library to update their
	    dependencies and allow them to use the new version of the
	    shared library.  For more information,
	    see <ref id="sharedlibs-runtime">.  The remainder of this
	    section will deal with backward-compatible changes.
	  </p>

	  <p>
	    Backward-compatible changes require either updating or
	    recording the <var>minimal-version</var> for that symbol
	    in <file>symbols</file> files or updating the version in
	    the <var>dependencies</var> in <file>shlibs</file> files.  For
	    more information on how to do this in the two formats, see
	    <ref id="symbols"> and <ref id="shlibs">.  Below are general
	    rules that apply to both files.
	  </p>

	  <p>
	    The easy case is when a public symbol is added.  Simply add
	    the version at which the symbol was introduced
	    (for <file>symbols</file> files) or update the dependency
	    version (for <file>shlibs</file>) files.  But special care
	    should be taken to update dependency versions when the
	    behavior of a public symbol changes.  This is easy to neglect,
	    since there is no automated method of determining such
	    changes, but failing to update versions in this case may
	    result in binary packages with too-weak dependencies that will
	    fail at runtime, possibly in ways that can cause security
	    vulnerabilities.  If the package maintainer believes that a
	    symbol behavior change may have occurred but isn't sure, it's
	    safer to update the version rather than leave it unmodified.
	    This may result in unnecessarily strict dependencies, but it
	    ensures that packages whose dependencies are satisfied will
	    work properly.
	  </p>

	  <p>
	    A common example of when a change to the dependency version
	    is required is a function that takes an enum or struct
	    argument that controls what the function does.  For example:
	    <example>
	      enum library_op { OP_FOO, OP_BAR };
	      int library_do_operation(enum library_op);
	    </example>
	    If a new operation, <tt>OP_BAZ</tt>, is added,
	    the <var>minimal-version</var>
	    of <tt>library_do_operation</tt> (for <file>symbols</file>
	    files) or the version in the dependency for the shared library
	    (for <file>shlibs</file> files) must be increased to the
	    version at which <tt>OP_BAZ</tt> was introduced.  Otherwise, a
	    binary built against the new version of the library (having
	    detected at compile-time that the library
	    supports <tt>OP_BAZ</tt>) may be installed with a shared
	    library that doesn't support <tt>OP_BAZ</tt> and will fail at
	    runtime when it tries to pass <tt>OP_BAZ</tt> into this
	    function.
	  </p>

	  <p>
	    Dependency versions in either <file>symbols</file>
	    or <file>shlibs</file> files normally should not contain the
	    Debian revision of the package, since the library behavior is
	    normally fixed for a particular upstream version and any
	    Debian packaging of that upstream version will have the same
	    behavior.  In the rare case that the library behavior was
	    changed in a particular Debian revision, appending <tt>~</tt>
	    to the end of the version that includes the Debian revision is
	    recommended, since this allows backports of the shared library
	    package using the normal backport versioning convention to
	    satisfy the dependency.
	  </p>
	</sect1>

	<sect1 id="sharedlibs-symbols">
	  <heading>The <tt>symbols</tt> system</heading>

	  <p>
	    In the following sections, we will first describe where the
	    various <file>symbols</file> files are to be found, then
	    the <file>symbols</file> file format, and finally how to
	    create <file>symbols</file> files if your package contains a
	    shared library.
	  </p>

	  <sect2 id="symbols-paths">
	    <heading>The <file>symbols</file> files present on the
	      system</heading>

	    <p>
	      <file>symbols</file> files for a shared library are normally
	      provided by the shared library package as a control file,
	      but there are several override paths that are checked first
	      in case that information is wrong or missing.  The following
	      list gives them in the order in which they are read
	      by <prgn>dpkg-shlibdeps</prgn> The first one that contains
	      the required information is used.
	      <list>
		<item>
		  <p><file>debian/*/DEBIAN/symbols</file></p>

		  <p>
		    During the package build, if the package itself
		    contains shared libraries with <file>symbols</file>
		    files, they will be generated in these staging
		    directories by <prgn>dpkg-gensymbols</prgn>
		    (see <ref id="providing-symbols">).  <file>symbols</file>
		    files found in the build tree take precedence
		    over <file>symbols</file> files from other binary
		    packages.
		  </p>

		  <p>
		    These files must exist
		    before <prgn>dpkg-shlibdeps</prgn> is run or the
		    dependencies of binaries and libraries from a source
		    package on other libraries from that same source
		    package will not be correct.  In practice, this means
		    that <prgn>dpkg-gensymbols</prgn> must be run
		    before <prgn>dpkg-shlibdeps</prgn> during the package
		    build.<footnote>
		      An example may clarify.  Suppose the source
		      package <tt>foo</tt> generates two binary
		      packages, <tt>libfoo2</tt> and <tt>foo-runtime</tt>.
		      When building the binary packages, the contents of
		      the packages are staged in the
		      directories <file>debian/libfoo2</file>
		      and <file>debian/foo-runtime</file> respectively.
		      (<file>debian/tmp</file> could be used instead of
		      one of these.)  Since <tt>libfoo2</tt> provides
		      the <tt>libfoo</tt> shared library, it will contain
		      a <tt>symbols</tt> file, which will be installed
		      in <file>debian/libfoo2/DEBIAN/symbols</file>,
		      eventually to be included as a control file in that
		      package.  When <prgn>dpkg-shlibdeps</prgn> is run on
		      the
		      executable <file>debian/foo-runtime/usr/bin/foo-prog</file>,
		      it will examine
		      the <file>debian/libfoo2/DEBIAN/symbols</file> file
		      to determine whether <tt>foo-prog</tt>'s library
		      dependencies are satisfied by any of the libraries
		      provided by <tt>libfoo2</tt>.  Since those binaries
		      were linked against the just-built shared library as
		      part of the build process, the <file>symbols</file>
		      file for the newly-built <tt>libfoo2</tt> must take
		      precedence over a <file>symbols</file> file for any
		      other <tt>libfoo2</tt> package already installed on
		      the system.
		    </footnote>
		  </p>
		</item>

		<item>
		  <p>
		    <file>/etc/dpkg/symbols/<var>package</var>.symbols.<var>arch</var></file>
		    and <file>/etc/dpkg/symbols/<var>package</var>.symbols</file>
		  </p>

		  <p>
		    Per-system overrides of shared library dependencies.
		    These files normally do not exist.  They are
		    maintained by the local system administrator and must
		    not be created by any Debian package.
		  </p>
		</item>

		<item>
		  <p><file>symbols</file> control files for packages
		    installed on the system</p>

		  <p>
		    The <file>symbols</file> control files for all the
		    packages currently installed on the system are
		    searched last.  This will be the most common source of
		    shared library dependency information.  These are
		    normally found
		    in <file>/var/lib/dpkg/info/*.symbols</file>, but
		    packages should not rely on this and instead should
		    use <tt>dpkg-query --control-path <var>package</var>
		    symbols</tt> if for some reason these files need to be
		    examined.
		  </p>
		</item>
	      </list>
	    </p>

	    <p>
	      Be aware that if a <file>debian/shlibs.local</file> exists
	      in the source package, it will override
	      any <file>symbols</file> files.  This is the only case where
	      a <file>shlibs</file> is used despite <file>symbols</file>
	      files being present.  See <ref id="shlibs-paths">
	      and <ref id="sharedlibs-shlibdeps"> for more information.
	    </p>
	  </sect2>

	  <sect2 id="symbols">
	    <heading>The <file>symbols</file> File Format</heading>

	    <p>
	      The following documents the format of
	      the <file>symbols</file> control file as included in binary
	      packages.  These files are built from
	      template <file>symbols</file> files in the source package
	      by <prgn>dpkg-gensymbols</prgn>.  The template files support
	      a richer syntax that allows <prgn>dpkg-gensymbols</prgn> to
	      do some of the tedious work involved in
	      maintaining <file>symbols</file> files, such as handling C++
	      symbols or optional symbols that may not exist on particular
	      architectures.  When writing <file>symbols</file> files for
	      a shared library package, refer
	      to <manref name="dpkg-gensymbols" section="1"> for the
	      richer syntax.
	    </p>

	    <p>
	      A <file>symbols</file> may contain one or more entries, one
	      for each shared library contained in the package
	      corresponding to that <file>symbols</file>.  Each entry has
	      the following format:
	    </p>

	    <p>
	      <example>
		<var>library-soname</var> <var>main-dependency-template</var>
		[| <var>alternative-dependency-template</var>]
		[...]
		[* <var>field-name</var>: <var>field-value</var>]
		[...]
		<var>symbol</var> <var>minimal-version</var>[ <var>id-of-dependency-template</var> ]
	      </example>
	    </p>

	    <p>
	      To explain this format, we'll use the the <tt>zlib1g</tt>
	      package as an example, which (at the time of writing)
	      installs the shared
	      library <file>/usr/lib/libz.so.1.2.3.4</file>.  Mandatory
	      lines will be described first, followed by optional lines.
	    </p>

	    <p>
	      <var>library-soname</var> must contain exactly the value of
	      the ELF <tt>SONAME</tt> attribute of the shared library.  In
	      our example, this is <tt>libz.so.1</tt>.<footnote>
		This can be determined by using the command
		<example compact="compact">
		  readelf -d /usr/lib/libz.so.1.2.3.4 | grep SONAME
		</example>
	      </footnote>
	    </p>

	    <p>
	      <var>main-dependency-template</var> has the same syntax as a
	      dependency field in a binary package control file, except
	      that the string <tt>#MINVER#</tt> is replaced by a version
	      restriction like <tt>(>= <var>version</var>)</tt> or by
	      nothing if an unversioned dependency is deemed sufficient.
	      The version restriction will be based on which symbols from
	      the shared library are referenced and the version at which
	      they were introduced (see below).  In nearly all
	      cases, <var>main-dependency-template</var> will
	      be <tt><var>package</var> #MINVER#</tt>,
	      where <var>package</var> is the name of the binary package
	      containing the shared library.  This adds a simple,
	      possibly-versioned dependency on the shared library package.
	      In some rare cases, such as when multiple packages provide
	      the same shared library ABI, the dependency template may
	      need to be more complex.
	    </p>

	    <p>
	      In our example, the first line of
	      the <tt>zlib1g</tt> <file>symbols</file> file would be:
	      <example compact="compact">
		libz.so.1 zlib1g #MINVER#
	      </example>
	    </p>

	    <p>
	      Each public symbol exported by the shared library must have
	      a corresponding symbol line, indented by one
	      space.  <var>symbol</var> is the exported symbol (which, for
	      C++, means the mangled symbol) followed by <tt>@</tt> and
	      the symbol version, or the string <tt>Base</tt> if there is
	      no symbol version.  <var>minimal-version</var> is the most
	      recent version of the shared library that changed the
	      behavior of that symbol, whether by adding it, changing its
	      function signature (the parameters, their types, or the
	      return type), or changing its behavior in a way that is
	      visible to a caller.
	      <var>id-of-dependency-template</var> is an optional
	      field that references
	      an <var>alternative-dependency-template</var>; see below for
	      a full description.
	    </p>

	    <p>
	      For example, <tt>libz.so.1</tt> contains the
	      symbols <tt>compress</tt>
	      and <tt>compressBound</tt>.  <tt>compress</tt> has no symbol
	      version and last changed its behavior in upstream
	      version <tt>1:1.1.4</tt>.  <tt>compressBound</tt> has the
	      symbol version <tt>ZLIB_1.2.0</tt>, was introduced in
	      upstream version <tt>1:1.2.0</tt>, and has not changed its
	      behavior.  Its <file>symbols</file> file therefore contains
	      the lines:
	      <example compact="compact">
		compress@Base 1:1.1.4
		compressBound@ZLIB_1.2.0 1:1.2.0
	      </example>
	      Packages using only <tt>compress</tt> would then get a
	      dependency on <tt>zlib1g (>= 1:1.1.4)</tt>, but packages
	      using <tt>compressBound</tt> would get a dependency
	      on <tt>zlib1g (>= 1:1.2.0)</tt>.
	    </p>

	    <p>
	      One or more <var>alternative-dependency-template</var> lines
	      may be provided.  These are used in cases where some symbols
	      in the shared library should use one dependency template
	      while others should use a different template.  The
	      alternative dependency templates are used only if a symbol
	      line contains the <var>id-of-dependency-template</var>
	      field.  The first alternative dependency template is
	      numbered 1, the second 2, and so forth.<footnote>
		An example of where this may be needed is with a library
		that implements the libGL interface.  All GL
		implementations provide the same set of base interfaces,
		and then may provide some additional interfaces only used
		by programs that require that specific GL implementation.
		So, for example, libgl1-mesa-glx may use the
		following <file>symbols</file> file:
		<example>
		  libGL.so.1 libgl1
		  | libgl1-mesa-glx #MINVER#
		  publicGlSymbol@Base 6.3-1
		  [...]
		  implementationSpecificSymbol@Base 6.5.2-7 1
		  [...]
		</example>
		Binaries or shared libraries using
		only <tt>publicGlSymbol</tt> would depend only
		on <tt>libgl1</tt> (which may be provided by multiple
		packages), but ones
		using <tt>implementationSpecificSymbol</tt> would get a
		dependency on <tt>libgl1-mesa-glx (>= 6.5.2-7)</tt>
	      </footnote>
	    </p>

	    <p>
	      Finally, the entry for the library may contain one or more
	      metadata fields.  Currently, the only
	      supported <var>field-name</var>
	      is <tt>Build-Depends-Package</tt>, whose value lists
	      the <qref id="sharedlibs-dev">library development
	      package</qref> on which packages using this shared library
	      declare a build dependency.  If this field is
	      present, <prgn>dpkg-shlibdeps</prgn> uses it to ensure that
	      the resulting binary package dependency on the shared
	      library is at least as strict as the source package
	      dependency on the shared library development
	      package.<footnote>
		This field should normally not be necessary, since if the
		behavior of any symbol has changed, the corresponding
		symbol <var>minimal-version</var> should have been
		increased.  But including it makes the <tt>symbols</tt>
		system more robust by tightening the dependency in cases
		where the package using the shared library specifically
		requires at least a particular version of the shared
		library development package for some reason.
	      </footnote>
	      For our example, the <tt>zlib1g</tt> <file>symbols</file>
	      file would contain:
	      <example compact="compact">
		* Build-Depends-Package: zlib1g-dev
	      </example>
	    </p>

	    <p>
	      Also see <manref name="deb-symbols" section="5">.
	    </p>
	  </sect2>

	  <sect2 id="providing-symbols">
	    <heading>Providing a <file>symbols</file> file</heading>

	    <p>
	      If your package provides a shared library, you should
	      arrange to include a <file>symbols</file> control file
	      following the format described above in that package.  You
	      must include either a <file>symbols</file> control file or
	      a <file>shlibs</file> control file.
	    </p>

	    <p>
	      Normally, this is done by creating a <file>symbols</file> in
	      the source package
	      named <file>debian/<var>package</var>.symbols</file>
	      or <file>debian/symbols</file>, possibly
	      with <file>.<var>arch</var></file> appended if the symbols
	      information varies by architecture.  This file may use the
	      extended syntax documented in <manref name="dpkg-gensymbols"
	      section="1">.  Then, call <prgn>dpkg-gensymbols</prgn> as
	      part of the package build process.  It will
	      create <file>symbols</file> files in the package staging
	      area based on the binaries and libraries in the package
	      staging area and the <file>symbols</file> files in the
	      source package.<footnote>
		If you are
		using <tt>debhelper</tt>, <prgn>dh_makeshlibs</prgn> will
		take care of calling either <prgn>dpkg-gensymbols</prgn>
		or generating a <file>shlibs</file> file as appropriate.
	      </footnote>
	    </p>

	    <p>
	      Packages that provide <file>symbols</file> files must keep
	      them up-to-date to ensure correct dependencies in packages
	      that use the shared libraries.  This means updating
	      the <file>symbols</file> file whenever a new public symbol
	      is added, changing the <var>minimal-version</var> field
	      whenever a symbol changes behavior or signature in a
	      backward-compatible way (see <ref id="sharedlibs-updates">),
	      and changing the <var>library-soname</var>
	      and <var>main-dependency-template</var>, and probably all of
	      the <var>minimal-version</var> fields, when the library
	      changes <tt>SONAME</tt>.  Removing a public symbol from
	      the <file>symbols</file> file because it's no longer
	      provided by the library normally requires changing
	      the <tt>SONAME</tt> of the library.
	      See <ref id="sharedlibs-runtime"> for more information
	      on <tt>SONAME</tt>s.
	    </p>
	  </sect2>
	</sect1>

	<sect1 id="sharedlibs-shlibdeps">
	  <heading>The <tt>shlibs</tt> system</heading>

	  <p>
	    The <tt>shlibs</tt> system is a simpler alternative to
	    the <tt>symbols</tt> system for declaring dependencies for
	    shared libraries.  It may be more appropriate for C++
	    libraries and other cases where tracking individual symbols is
	    too difficult.  It predated the <tt>symbols</tt> system and is
	    therefore frequently seen in older packages.  It is also
	    required for udebs, which do not support <tt>symbols</tt>.
	  </p>

	  <p>
	    In the following sections, we will first describe where the
	    various <file>shlibs</file> files are to be found, then how to
	    use <prgn>dpkg-shlibdeps</prgn>, and finally
	    the <file>shlibs</file> file format and how to create them.
	  </p>

	  <sect2 id="shlibs-paths">
	    <heading>The <file>shlibs</file> files present on the
	      system</heading>

	    <p>
	      There are several places where <tt>shlibs</tt> files are
	      found.  The following list gives them in the order in which
	      they are read by <prgn>dpkg-shlibdeps</prgn>.  (The first
	      one which gives the required information is used.)
	      <list>
		<item>
		  <p><file>debian/shlibs.local</file></p>

		  <p>
		    This lists overrides for this package.  This file
		    should normally not be used, but may be needed
		    temporarily in unusual situations to work around bugs
		    in other packages, or in unusual cases where the
		    normally declared dependency information in the
		    installed <file>shlibs</file> file for a library
		    cannot be used.  This file overrides information
		    obtained from any other source.
		  </p>
		</item>

		<item>
		  <p><file>/etc/dpkg/shlibs.override</file></p>

		  <p>
		    This lists global overrides.  This list is normally
		    empty.  It is maintained by the local system
		    administrator.
		  </p>
		</item>

		<item>
		  <p><file>DEBIAN/shlibs</file> files in the "build
		    directory"</p>

		  <p>
		    These files are generated as part of the package build
		    process and staged for inclusion as control files in
		    the binary packages being built.  They provide details
		    of any shared libraries included in the same package.
		  </p>
		</item>

		<item>
		  <p><file>shlibs</file> control files for packages
		    installed on the system</p>

		  <p>
		    The <file>shlibs</file> control files for all the
		    packages currently installed on the system.  These are
		    normally found
		    in <file>/var/lib/dpkg/info/*.shlibs</file>, but
		    packages should not rely on this and instead should
		    use <tt>dpkg-query --control-path <var>package</var>
		    shlibs</tt> if for some reason these files need to be
		    examined.
		  </p>
		</item>

		<item>
		  <p><file>/etc/dpkg/shlibs.default</file></p>

		  <p>
		    This file lists any shared libraries whose packages
		    have failed to provide correct <file>shlibs</file>
		    files.  It was used when the <file>shlibs</file> setup
		    was first introduced, but it is now normally empty.
		    It is maintained by the <tt>dpkg</tt> maintainer.
		  </p>
		</item>
	      </list>
	    </p>

	    <p>
	      If a <file>symbols</file> file for a shared library package
	      is available, <prgn>dpkg-shlibdeps</prgn> will always use it
	      in preference to a <file>shlibs</file>, with the exception
	      of <file>debian/shlibs.local</file>.  The latter overrides
	      any other <file>shlibs</file> or <file>symbols</file> files.
	    </p>
	  </sect2>

	  <sect2 id="shlibs">
	    <heading>The <file>shlibs</file> File Format</heading>

	    <p>
	      Each <file>shlibs</file> file has the same format.  Lines
	      beginning with <tt>#</tt> are considered to be comments and
	      are ignored.  Each line is of the form:
	      <example compact="compact">
		[<var>type</var>: ]<var>library-name</var> <var>soname-version</var> <var>dependencies ...</var>
	      </example>
	    </p>

	    <p>
	      We will explain this by reference to the example of the
	      <tt>zlib1g</tt> package, which (at the time of writing)
	      installs the shared
	      library <file>/usr/lib/libz.so.1.2.3.4</file>.
	    </p>

	    <p>
	      <var>type</var> is an optional element that indicates the
	      type of package for which the line is valid. The only type
	      currently in use is <tt>udeb</tt>.  The colon and space
	      after the type are required.
	    </p>

	    <p>
	      <var>library-name</var> is the name of the shared library,
	      in this case <tt>libz</tt>.  (This must match the name part
	      of the soname, see below.)
	    </p>

	    <p>
	      <var>soname-version</var> is the version part of the
	      ELF <tt>SONAME</tt> attribute of the library, determined the
	      same way that the <var>soversion</var> component of the
	      recommended shared library package name is determined.
	      See <ref id="sharedlibs-runtime"> for the details.
	    </p>

	    <p>
	      <var>dependencies</var> has the same syntax as a dependency
	      field in a binary package control file.  It should give
	      details of which packages are required to satisfy a binary
	      built against the version of the library contained in the
	      package.  See <ref id="depsyntax"> for details on the
	      syntax, and <ref id="sharedlibs-updates"> for details on how
	      to maintain the dependency version constraint.
	    </p>

	    <p>
	      In our example, if the last change to the <tt>zlib1g</tt>
	      package that could change behavior for a client of that
	      library was in version <tt>1:1.2.3.3.dfsg-1</tt>, then
	      the <tt>shlibs</tt> entry for this library could say:
	      <example compact="compact">
		libz 1 zlib1g (>= 1:1.2.3.3.dfsg)
	      </example>
	      This version restriction must be new enough that any binary
	      built against the current version of the library will work
	      with any version of the shared library that satisfies that
	      dependency.
	    </p>

	    <p>
	      As zlib1g also provides a udeb containing the shared
	      library, there would also be a second line:
	      <example compact="compact">
		udeb: libz 1 zlib1g-udeb (>= 1:1.2.3.3.dfsg)
	      </example>
	    </p>
	  </sect2>

	  <sect2>
	    <heading>Providing a <file>shlibs</file> file</heading>

	    <p>
	      To provide a <file>shlibs</file> file for a shared library
	      binary package, create a <file>shlibs</file> file following
	      the format described above and place it in
	      the <file>DEBIAN</file> directory for that package during
	      the build.  It will then be included as a control file for
	      that package<footnote>
		This is what <prgn>dh_makeshlibs</prgn> in
		the <package>debhelper</package> suite does. If your
		package also has a udeb that provides a shared
		library, <prgn>dh_makeshlibs</prgn> can automatically
		generate the <tt>udeb:</tt> lines if you specify the name
		of the udeb with the <tt>--add-udeb</tt> option.
	      </footnote>.
	    </p>

	    <p>
	      Since <prgn>dpkg-shlibdeps</prgn> reads
	      the <file>DEBIAN/shlibs</file> files in all of the binary
	      packages being built from this source package, all of
	      the <file>DEBIAN/shlibs</file> files should be installed
	      before <prgn>dpkg-shlibdeps</prgn> is called on any of the
	      binary packages.
	    </p>
	  </sect2>
	</sect1>
      </sect>
    </chapt>


    <chapt id="opersys"><heading>The Operating System</heading>

      <sect>
	<heading>File system hierarchy</heading>


	<sect1 id="fhs">
	  <heading>File System Structure</heading>

	  <p>
	    The location of all files and directories must comply with the
	    Filesystem Hierarchy Standard (FHS), version 2.3, with the
	    exceptions noted below, and except where doing so would
	    violate other terms of Debian Policy.  The following
	    exceptions to the FHS apply:

            <enumlist>
              <item>
                <p>
                The FHS requirement that architecture-independent
                application-specific static files be located in
                <file>/usr/share</file> is relaxed to a suggestion.

                In particular, a subdirectory of <file>/usr/lib</file> may
                be used by a package (or a collection of packages) to hold a
                mixture of architecture-independent and
                architecture-dependent files. However, when a directory is
                entirely composed of architecture-independent files, it
                should be located in <file>/usr/share</file>.
                </p>
              </item>
              <item>
                <p>
                  The optional rules related to user specific
                  configuration files for applications are stored in
                  the user's home directory are relaxed.  It is
                  recommended that such files start with the
                  '<tt>.</tt>' character (a "dot file"), and if an
                  application needs to create more than one dot file
                  then the preferred placement is in a subdirectory
                  with a name starting with a '.' character, (a "dot
                  directory"). In this case it is recommended the
                  configuration files not start with the '.'
                  character.
                </p>
              </item>
              <item>
                <p>
                  The requirement for amd64 to use <file>/lib64</file>
                  for 64 bit binaries is removed.
                </p>
              </item>
              <item>
                <p>
                  The requirement for object files, internal binaries, and
                  libraries, including <file>libc.so.*</file>, to be located
                  directly under <file>/lib{,32}</file> and
                  <file>/usr/lib{,32}</file> is amended, permitting files
                  to instead be installed to
                  <file>/lib/<var>triplet</var></file> and
                  <file>/usr/lib/<var>triplet</var></file>, where
                  <tt><var>triplet</var></tt> is the value returned by
                  <tt>dpkg-architecture -qDEB_HOST_MULTIARCH</tt> for the
                  architecture of the package.  Packages may <em>not</em>
                  install files to any <var>triplet</var> path other
                  than the one matching the architecture of that package;
                  for instance, an <tt>Architecture: amd64</tt> package
                  containing 32-bit x86 libraries may not install these
                  libraries to <file>/usr/lib/i386-linux-gnu</file>.
                  <footnote>
                    This is necessary in order to reserve the directories for
                    use in cross-installation of library packages from other
                    architectures, as part of <tt>multiarch</tt>.
                  </footnote>
                </p>
                <p>
                  The requirement for C and C++ headers files to be
                  accessible through the search path
                  <file>/usr/include/</file> is amended, permitting files to
                  be accessible through the search path
                  <file>/usr/include/<var>triplet</var></file> where
                  <tt><var>triplet</var></tt> is as above.  <footnote>
                    This is necessary for architecture-dependant headers
                    file to coexist in a <tt>multiarch</tt> setup.
                  </footnote>
                </p>
                <p>
                  Applications may also use a single subdirectory under
                  <file>/usr/lib/<var>triplet</var></file>.
                </p>
                <p>
                  The execution time linker/loader, ld*, must still be made
                  available in the existing location under /lib or /lib64
                  since this is part of the ELF ABI for the architecture.
                </p>
              </item>
              <item>
                <p>
                  The requirement that
                  <file>/usr/local/share/man</file> be "synonymous"
                  with <file>/usr/local/man</file> is relaxed to a
                  recommendation</p>
              </item>
              <item>
                <p>
                  The requirement that windowmanagers with a single
                  configuration file call it <file>system.*wmrc</file>
                  is removed, as is the restriction that the window
                  manager subdirectory be named identically to the
                  window manager name itself.
                </p>
              </item>
              <item>
                <p>
                  The requirement that boot manager configuration
                  files live in <file>/etc</file>, or at least are
                  symlinked there, is relaxed to a recommendation.
                </p>
              </item>
	      <item>
		<p>
		  The additional directory <file>/run</file> in the root
		  file system is allowed.  <file>/run</file>
		  replaces <file>/var/run</file>, and the
		  subdirectory <file>/run/lock</file>
		  replaces <file>/var/lock</file>, with
		  the <file>/var</file> directories replaced by symlinks
		  for backwards compatibility.  <file>/run</file>
		  and <file>/run/lock</file> must follow all of the
		  requirements in the FHS for <file>/var/run</file>
		  and <file>/var/lock</file>, respectively, such as file
		  naming conventions, file format requirements, or the
		  requirement that files be cleared during the boot
		  process.  Files and directories residing
		  in <file>/run</file> should be stored on a temporary
		  file system.
		</p>
		<p>
		  Packages must not assume the <file>/run</file>
		  directory exists or is usable without a dependency
		  on <tt>initscripts (>= 2.88dsf-13.3)</tt> until the
		  stable release of Debian supports <file>/run</file>.
		</p>
	      </item>
	      <item>
		<p>
		  The <file>/sys</file> directory in the root filesystem is
		  additionally allowed. <footnote>This directory is used as
		    mount point to mount virtual filesystems to get access to
		    kernel information.</footnote>
		</p>
	      </item>
	      <item>
                <p>
                  The <file>/var/www</file> directory is additionally allowed. 
                </p>
	      </item>
	      <item>
		<p>
                  The requirement for <file>/usr/local/lib&lt;qual&gt;</file>
                  to exist if <file>/lib&lt;qual&gt;</file> or
                  <file>/usr/lib&lt;qual&gt;</file> exists (where 
                  <file>lib&lt;qual&gt;</file> is a variant of
                  <file>lib</file> such as <file>lib32</file> or
                  <file>lib64</file>) is removed.
                  </p>
	      </item>
	      <item>
		<p>
		  On GNU/Hurd systems, the following additional
		  directories are allowed in the root
		  filesystem: <file>/hurd</file>
		  and <file>/servers</file>.<footnote>
		    These directories are used to store translators and as
		    a set of standard names for mount points,
		    respectively.
		  </footnote>
		</p>
	      </item>
            </enumlist>
          </p>

          <p>
            The version of this document referred here can be
	    found in the <tt>debian-policy</tt> package or on <url
	    id="http://www.debian.org/doc/packaging-manuals/fhs/"
	      name="FHS (Debian copy)"> alongside this manual (or, if
	    you have the <package>debian-policy</package> installed,
	    you can try <url
	      id="file:///usr/share/doc/debian-policy/fhs/" name="FHS
	      (local copy)">). The
	    latest version, which may be a more recent version, may
	    be found on
	    <url id="http://www.pathname.com/fhs/" name="FHS (upstream)">.
	    Specific questions about following the standard may be
	    asked on the <tt>debian-devel</tt> mailing list, or
	    referred to the FHS mailing list (see the
            <url id="http://www.pathname.com/fhs/" name="FHS web site"> for
	    more information).
	  </p>
	</sect1>

	<sect1>
	  <heading>Site-specific programs</heading>

	  <p>
	    As mandated by the FHS, packages must not place any
	    files in <file>/usr/local</file>, either by putting them in
	    the file system archive to be unpacked by <prgn>dpkg</prgn>
	    or by manipulating them in their maintainer scripts.
	  </p>

	  <p>
	    However, the package may create empty directories below
	    <file>/usr/local</file> so that the system administrator knows
	    where to place site-specific files.  These are not
	    directories <em>in</em> <file>/usr/local</file>, but are
	    children of directories in <file>/usr/local</file>.  These
            directories (<file>/usr/local/*/dir/</file>)
	    should be removed on package removal if they are
	    empty.
	  </p>

	  <p>
	    Note that this applies only to
	    directories <em>below</em> <file>/usr/local</file>,
	    not <em>in</em> <file>/usr/local</file>.  Packages must
	    not create sub-directories in the
	    directory <file>/usr/local</file> itself, except those
	    listed in FHS, section 4.5.  However, you may create
	    directories below them as you wish. You must not remove
	    any of the directories listed in 4.5, even if you created
	    them.
	  </p>

	  <p>
	    Since <file>/usr/local</file> can be mounted read-only from a
	    remote server, these directories must be created and
	    removed by the <prgn>postinst</prgn> and <prgn>prerm</prgn>
	    maintainer scripts and not be included in the
	    <file>.deb</file> archive.  These scripts must not fail if
	    either of these operations fail.
	  </p>

	  <p>
	    For example, the <tt>emacsen-common</tt> package could
	    contain something like
	    <example compact="compact">
if [ ! -e /usr/local/share/emacs ]; then
  if mkdir /usr/local/share/emacs 2>/dev/null; then
    if chown root:staff /usr/local/share/emacs; then
      chmod 2775 /usr/local/share/emacs || true
    fi
  fi
fi
	    </example>
	    in its <prgn>postinst</prgn> script, and
	    <example compact="compact">
rmdir /usr/local/share/emacs/site-lisp 2>/dev/null || true
rmdir /usr/local/share/emacs 2>/dev/null || true
	    </example>
	    in the <prgn>prerm</prgn> script.  (Note that this form is
	    used to ensure that if the script is interrupted, the
	    directory <file>/usr/local/share/emacs</file> will still be
	    removed.)
	  </p>

	  <p>
	    If you do create a directory in <file>/usr/local</file> for
	    local additions to a package, you should ensure that
	    settings in <file>/usr/local</file> take precedence over the
	    equivalents in <file>/usr</file>.
	  </p>

	  <p>
	    However, because <file>/usr/local</file> and its contents are
	    for exclusive use of the local administrator, a package
	    must not rely on the presence or absence of files or
	    directories in <file>/usr/local</file> for normal operation.
	  </p>

	  <p>
	    The <file>/usr/local</file> directory itself and all the
	    subdirectories created by the package should (by default) have
	    permissions 2775 (group-writable and set-group-id) and be
	    owned by <tt>root:staff</tt>.
	  </p>
	</sect1>

	<sect1>
	  <heading>The system-wide mail directory</heading>
	  <p>
	    The system-wide mail directory
	    is <file>/var/mail</file>. This directory is part of the
	    base system and should not be owned by any particular mail
	    agents.  The use of the old
	    location <file>/var/spool/mail</file> is deprecated, even
	    though the spool may still be physically located there.
	  </p>
	</sect1>

	<sect1 id="fhs-run">
	  <heading><file>/run</file> and <file>/run/lock</file></heading>

	  <p>
	    The directory <file>/run</file> is cleared at boot, normally
	    by being a mount point for a temporary file system.  Packages
	    therefore must not assume that any files or directories
	    under <file>/run</file> other than <file>/run/lock</file>
	    exist unless the package has arranged to create those files or
	    directories since the last reboot.  Normally, this is done by
	    the package via an init script.  See <ref id="writing-init">
	    for more information.
	  </p>

	  <p>
	    Packages must not include files or directories
	    under <file>/run</file>, or under the
	    older <file>/var/run</file> and <file>/var/lock</file> paths.
	    The latter paths will normally be symlinks or other
	    redirections to <file>/run</file> for backwards compatibility.
	  </p>
	</sect1>
      </sect>

      <sect>
	<heading>Users and groups</heading>

	<sect1>
	  <heading>Introduction</heading>
	  <p>
	    The Debian system can be configured to use either plain or
	    shadow passwords.
	  </p>

	  <p>
	    Some user ids (UIDs) and group ids (GIDs) are reserved
	    globally for use by certain packages.  Because some
	    packages need to include files which are owned by these
	    users or groups, or need the ids compiled into binaries,
	    these ids must be used on any Debian system only for the
	    purpose for which they are allocated. This is a serious
	    restriction, and we should avoid getting in the way of
	    local administration policies. In particular, many sites
	    allocate users and/or local system groups starting at 100.
	  </p>

	  <p>
	    Apart from this we should have dynamically allocated ids,
	    which should by default be arranged in some sensible
	    order, but the behavior should be configurable.
	  </p>

	  <p>
	    Packages other than <tt>base-passwd</tt> must not modify
	    <file>/etc/passwd</file>, <file>/etc/shadow</file>,
	    <file>/etc/group</file> or <file>/etc/gshadow</file>.
	  </p>
	</sect1>

	<sect1>
	  <heading>UID and GID classes</heading>
	  <p>
	    The UID and GID numbers are divided into classes as
	    follows:
	    <taglist>
	      <tag>0-99:</tag>
	      <item>
		<p>
		  Globally allocated by the Debian project, the same
		  on every Debian system.  These ids will appear in
		  the <file>passwd</file> and <file>group</file> files of all
		  Debian systems, new ids in this range being added
		  automatically as the <tt>base-passwd</tt> package is
		  updated.
		</p>

		<p>
		  Packages which need a single statically allocated
		  uid or gid should use one of these; their
		  maintainers should ask the <tt>base-passwd</tt>
		  maintainer for ids.
		</p>
	      </item>

	      <tag>100-999:</tag>
	      <item>
		<p>
		  Dynamically allocated system users and groups.
		  Packages which need a user or group, but can have
		  this user or group allocated dynamically and
		  differently on each system, should use <tt>adduser
		  --system</tt> to create the group and/or user.
		  <prgn>adduser</prgn> will check for the existence of
		  the user or group, and if necessary choose an unused
		  id based on the ranges specified in
		  <file>adduser.conf</file>.
		</p>
	      </item>

	      <tag>1000-59999:</tag>
	      <item>
		<p>
		  Dynamically allocated user accounts.  By default
		  <prgn>adduser</prgn> will choose UIDs and GIDs for
		  user accounts in this range, though
		  <file>adduser.conf</file> may be used to modify this
		  behavior.
		</p>
	      </item>

	      <tag>60000-64999:</tag>
	      <item>
		<p>
		  Globally allocated by the Debian project, but only
		  created on demand. The ids are allocated centrally
		  and statically, but the actual accounts are only
		  created on users' systems on demand.
		</p>

		<p>
		  These ids are for packages which are obscure or
		  which require many statically-allocated ids.  These
		  packages should check for and create the accounts in
		  <file>/etc/passwd</file> or <file>/etc/group</file> (using
		  <prgn>adduser</prgn> if it has this facility) if
		  necessary.  Packages which are likely to require
		  further allocations should have a "hole" left after
		  them in the allocation, to give them room to
		  grow.
		</p>
	      </item>

	      <tag>65000-65533:</tag>
	      <item>
		<p>Reserved.</p>
	      </item>

	      <tag>65534:</tag>
	      <item>
		<p>
		  User <tt>nobody</tt>. The corresponding gid refers
		  to the group <tt>nogroup</tt>.
		</p>
	      </item>

	      <tag>65535:</tag>
	      <item>
		<p>
		  This value <em>must not</em> be used, because it was
		  the error return sentinel value when <tt>uid_t</tt>
		  was 16 bits.
		</p>
	      </item>

	      <tag>65536-4294967293:</tag>
	      <item>
		<p>
		  Dynamically allocated user accounts.  By
		  default <prgn>adduser</prgn> will not allocate UIDs
		  and GIDs in this range, to ease compatibility with
		  legacy systems where <tt>uid_t</tt> is still 16
		  bits.
	        </p>
	      </item>

	      <tag>4294967294:</tag>
	      <item>
		<p>
                  <tt>(uid_t)(-2) == (gid_t)(-2)</tt> <em>must not</em> be
                  used, because it is used as the anonymous, unauthenticated
                  user by some NFS implementations.
		</p>
	      </item>

	      <tag>4294967295:</tag>
	      <item>
		<p>
		  <tt>(uid_t)(-1) == (gid_t)(-1)</tt> <em>must
		  not</em> be used, because it is the error return
		  sentinel value.
		</p>
	      </item>
	    </taglist>
	  </p>
	</sect1>
      </sect>

      <sect id="sysvinit">
	<heading>System run levels and <file>init.d</file> scripts</heading>

	<sect1 id="/etc/init.d">
	  <heading>Introduction</heading>

	  <p>
	    The <file>/etc/init.d</file> directory contains the scripts
	    executed by <prgn>init</prgn> at boot time and when the
	    init state (or "runlevel") is changed (see <manref
	    name="init" section="8">).
	  </p>

          <p>
            There are at least two different, yet functionally
            equivalent, ways of handling these scripts.  For the sake
            of simplicity, this document describes only the symbolic
            link method. However, it must not be assumed by maintainer
            scripts that this method is being used, and any automated
            manipulation of the various runlevel behaviors by
            maintainer scripts must be performed using
            <prgn>update-rc.d</prgn> as described below and not by
            manually installing or removing symlinks.  For information
            on the implementation details of the other method,
            implemented in the <tt>file-rc</tt> package, please refer
            to the documentation of that package.
	  </p>

          <p>
            These scripts are referenced by symbolic links in the
	    <file>/etc/rc<var>n</var>.d</file> directories.  When changing
	    runlevels, <prgn>init</prgn> looks in the directory
	    <file>/etc/rc<var>n</var>.d</file> for the scripts it should
	    execute, where <tt><var>n</var></tt> is the runlevel that
	    is being changed to, or <tt>S</tt> for the boot-up
	    scripts.
	  </p>

          <p>
	    The names of the links all have the form
	    <file>S<var>mm</var><var>script</var></file> or
	    <file>K<var>mm</var><var>script</var></file> where
	    <var>mm</var> is a two-digit number and <var>script</var>
	    is the name of the script (this should be the same as the
	    name of the actual script in <file>/etc/init.d</file>).
	  </p>

          <p>
	    When <prgn>init</prgn> changes runlevel first the targets
	    of the links whose names start with a <tt>K</tt> are
	    executed, each with the single argument <tt>stop</tt>,
	    followed by the scripts prefixed with an <tt>S</tt>, each
	    with the single argument <tt>start</tt>.  (The links are
	    those in the <file>/etc/rc<var>n</var>.d</file> directory
	    corresponding to the new runlevel.)  The <tt>K</tt> links
	    are responsible for killing services and the <tt>S</tt>
	    link for starting services upon entering the runlevel.
	  </p>

	  <p>
	    For example, if we are changing from runlevel 2 to
	    runlevel 3, init will first execute all of the <tt>K</tt>
	    prefixed scripts it finds in <file>/etc/rc3.d</file>, and then
	    all of the <tt>S</tt> prefixed scripts in that directory.
	    The links starting with <tt>K</tt> will cause the
	    referred-to file to be executed with an argument of
	    <tt>stop</tt>, and the <tt>S</tt> links with an argument
	    of <tt>start</tt>.
	  </p>

	  <p>
	    The two-digit number <var>mm</var> is used to determine
	    the order in which to run the scripts: low-numbered links
	    have their scripts run first.  For example, the
	    <tt>K20</tt> scripts will be executed before the
	    <tt>K30</tt> scripts.  This is used when a certain service
	    must be started before another.  For example, the name
	    server <prgn>bind</prgn> might need to be started before
	    the news server <prgn>inn</prgn> so that <prgn>inn</prgn>
	    can set up its access lists.  In this case, the script
	    that starts <prgn>bind</prgn> would have a lower number
	    than the script that starts <prgn>inn</prgn> so that it
	    runs first:
	    <example compact="compact">
/etc/rc2.d/S17bind
/etc/rc2.d/S70inn
	    </example>
	  </p>

	  <p>
	    The two runlevels 0 (halt) and 6 (reboot) are slightly
	    different.  In these runlevels, the links with an
	    <tt>S</tt> prefix are still called after those with a
	    <tt>K</tt> prefix, but they too are called with the single
	    argument <tt>stop</tt>.
	  </p>
	</sect1>

	<sect1 id="writing-init">
	  <heading>Writing the scripts</heading>

	  <p>
	    Packages that include daemons for system services should
	    place scripts in <file>/etc/init.d</file> to start or stop
	    services at boot time or during a change of runlevel.
	    These scripts should be named
	    <file>/etc/init.d/<var>package</var></file>, and they should
	    accept one argument, saying what to do:

	    <taglist>
	      <tag><tt>start</tt></tag>
	      <item>start the service,</item>

	      <tag><tt>stop</tt></tag>
	      <item>stop the service,</item>

	      <tag><tt>restart</tt></tag>
	      <item>stop and restart the service if it's already running,
		  otherwise start the service</item>

	      <tag><tt>reload</tt></tag>
	      <item><p>cause the configuration of the service to be
		  reloaded without actually stopping and restarting
		  the service,</item>

	      <tag><tt>force-reload</tt></tag>
	      <item>cause the configuration to be reloaded if the
		  service supports this, otherwise restart the
		  service.</item>
	    </taglist>

	    The <tt>start</tt>, <tt>stop</tt>, <tt>restart</tt>, and
	    <tt>force-reload</tt> options should be supported by all
	    scripts in <file>/etc/init.d</file>, the <tt>reload</tt>
	    option is optional.
	  </p>

	  <p>
	    The <file>init.d</file> scripts must ensure that they will
	    behave sensibly (i.e., returning success and not starting
	    multiple copies of a service) if invoked with <tt>start</tt>
	    when the service is already running, or with <tt>stop</tt>
	    when it isn't, and that they don't kill unfortunately-named
	    user processes.  The best way to achieve this is usually to
	    use <prgn>start-stop-daemon</prgn> with the <tt>--oknodo</tt>
	    option.
	  </p>

	  <p>
	    Be careful of using <tt>set -e</tt> in <file>init.d</file>
	    scripts.  Writing correct <file>init.d</file> scripts requires
	    accepting various error exit statuses when daemons are already
	    running or already stopped without aborting
	    the <file>init.d</file> script, and common <file>init.d</file>
	    function libraries are not safe to call with <tt>set -e</tt>
	    in effect<footnote>
	      <tt>/lib/lsb/init-functions</tt>, which assists in writing
	      LSB-compliant init scripts, may fail if <tt>set -e</tt> is
	      in effect and echoing status messages to the console fails,
	      for example.
	    </footnote>.  For <tt>init.d</tt> scripts, it's often easier
	    to not use <tt>set -e</tt> and instead check the result of
	    each command separately.
	  </p>

	  <p>
	    If a service reloads its configuration automatically (as
	    in the case of <prgn>cron</prgn>, for example), the
	    <tt>reload</tt> option of the <file>init.d</file> script
	    should behave as if the configuration has been reloaded
	    successfully.
	  </p>

	  <p>
	    The <file>/etc/init.d</file> scripts must be treated as
	    configuration files, either (if they are present in the
	    package, that is, in the .deb file) by marking them as
	    <tt>conffile</tt>s, or, (if they do not exist in the .deb)
	    by managing them correctly in the maintainer scripts (see
	    <ref id="config-files">).  This is important since we want
	    to give the local system administrator the chance to adapt
	    the scripts to the local system, e.g., to disable a
	    service without de-installing the package, or to specify
	    some special command line options when starting a service,
	    while making sure their changes aren't lost during the next
	    package upgrade.
	  </p>

	  <p>
	    These scripts should not fail obscurely when the
	    configuration files remain but the package has been
	    removed, as configuration files remain on the system after
	    the package has been removed.  Only when <prgn>dpkg</prgn>
	    is executed with the <tt>--purge</tt> option will
	    configuration files be removed.  In particular, as the
	    <file>/etc/init.d/<var>package</var></file> script itself is
	    usually a <tt>conffile</tt>, it will remain on the system
	    if the package is removed but not purged.  Therefore, you
	    should include a <tt>test</tt> statement at the top of the
	    script, like this:
	    <example compact="compact">
test -f <var>program-executed-later-in-script</var> || exit 0
	    </example>
	  </p>

	  <p>
	    Often there are some variables in the <file>init.d</file>
	    scripts whose values control the behavior of the scripts,
	    and which a system administrator is likely to want to
	    change.  As the scripts themselves are frequently
	    <tt>conffile</tt>s, modifying them requires that the
	    administrator merge in their changes each time the package
	    is upgraded and the <tt>conffile</tt> changes.  To ease
	    the burden on the system administrator, such configurable
	    values should not be placed directly in the script.
	    Instead, they should be placed in a file in
	    <file>/etc/default</file>, which typically will have the same
	    base name as the <file>init.d</file> script.  This extra file
	    should be sourced by the script when the script runs.  It
	    must contain only variable settings and comments in SUSv3
	    <prgn>sh</prgn> format.  It may either be a
	    <tt>conffile</tt> or a configuration file maintained by
	    the package maintainer scripts.  See <ref id="config-files">
	    for more details.
	  </p>

	  <p>
	    To ensure that vital configurable values are always
	    available, the <file>init.d</file> script should set default
	    values for each of the shell variables it uses, either
	    before sourcing the <file>/etc/default/</file> file or
	    afterwards using something like the <tt>:
	    ${VAR:=default}</tt> syntax.  Also, the <file>init.d</file>
	    script must behave sensibly and not fail if the
	    <file>/etc/default</file> file is deleted.
	  </p>

	  <p>
            Files and directories under <file>/run</file>, including ones
            referred to via the compatibility paths <file>/var/run</file>
            and <file>/var/lock</file>, are normally stored on a temporary
            filesystem and are normally not persistent across a reboot.
            The <file>init.d</file> scripts must handle this correctly.
            This will typically mean creating any required subdirectories
            dynamically when the <file>init.d</file> script is run.
            See <ref id="fhs-run"> for more information.
	  </p>
	</sect1>

	<sect1>
	  <heading>Interfacing with the initscript system</heading>

	  <p>
	    Maintainers should use the abstraction layer provided by
	    the <prgn>update-rc.d</prgn> and <prgn>invoke-rc.d</prgn>
	    programs to deal with initscripts in their packages'
	    scripts such as <prgn>postinst</prgn>, <prgn>prerm</prgn>
	    and <prgn>postrm</prgn>.
	  </p>

	  <p>
	    Directly managing the /etc/rc?.d links and directly
	    invoking the <file>/etc/init.d/</file> initscripts should
	    be done only by packages providing the initscript
	    subsystem (such as <prgn>sysv-rc</prgn> and
	    <prgn>file-rc</prgn>).
	  </p>

	  <sect2>
	    <heading>Managing the links</heading>

	    <p>
	      The program <prgn>update-rc.d</prgn> is provided for
	      package maintainers to arrange for the proper creation and
	      removal of <file>/etc/rc<var>n</var>.d</file> symbolic links,
	      or their functional equivalent if another method is being
	      used.  This may be used by maintainers in their packages'
	      <prgn>postinst</prgn> and <prgn>postrm</prgn> scripts.
	    </p>

	    <p>
	      You must not include any <file>/etc/rc<var>n</var>.d</file>
	      symbolic links in the actual archive or manually create or
	      remove the symbolic links in maintainer scripts; you must
	      use the <prgn>update-rc.d</prgn> program instead.  (The
	      former will fail if an alternative method of maintaining
	      runlevel information is being used.)  You must not include
	      the <file>/etc/rc<var>n</var>.d</file> directories themselves
	      in the archive either.  (Only the <tt>sysvinit</tt>
	      package may do so.)
	    </p>

	    <p>
	      By default <prgn>update-rc.d</prgn> will start services in
	      each of the multi-user state runlevels (2, 3, 4, and 5)
	      and stop them in the halt runlevel (0), the single-user
	      runlevel (1) and the reboot runlevel (6).  The system
	      administrator will have the opportunity to customize
	      runlevels by simply adding, moving, or removing the
	      symbolic links in <file>/etc/rc<var>n</var>.d</file> if
	      symbolic links are being used, or by modifying
	      <file>/etc/runlevel.conf</file> if the <tt>file-rc</tt> method
	      is being used.
	    </p>

	    <p>
	      To get the default behavior for your package, put in your
	      <prgn>postinst</prgn> script
	      <example compact="compact">
		update-rc.d <var>package</var> defaults
	      </example>
	      and in your <prgn>postrm</prgn>
	      <example compact="compact">
		if [ "$1" = purge ]; then
		update-rc.d <var>package</var> remove
		fi
	      </example>. Note that if your package changes runlevels
	      or priority, you may have to remove and recreate the links,
	      since otherwise the old links may persist. Refer to the
	      documentation of <prgn>update-rc.d</prgn>.
	    </p>

	    <p>
	      This will use a default sequence number of 20.  If it does
	      not matter when or in which order the <file>init.d</file>
	      script is run, use this default.  If it does, then you
	      should talk to the maintainer of the <prgn>sysvinit</prgn>
	      package or post to <tt>debian-devel</tt>, and they will
	      help you choose a number.
	    </p>

	    <p>
	      For more information about using <tt>update-rc.d</tt>,
	      please consult its man page <manref name="update-rc.d"
		section="8">.
	    </p>
	  </sect2>

	  <sect2>
	    <heading>Running initscripts</heading>
	    <p>
	      The program <prgn>invoke-rc.d</prgn> is provided to make
	      it easier for package maintainers to properly invoke an
	      initscript, obeying runlevel and other locally-defined
	      constraints that might limit a package's right to start,
	      stop and otherwise manage services. This program may be
	      used by maintainers in their packages' scripts.
	    </p>

	    <p>
	      The package maintainer scripts must use
	      <prgn>invoke-rc.d</prgn> to invoke the
	      <file>/etc/init.d/*</file> initscripts, instead of
	      calling them directly.
	    </p>

	    <p>
	      By default, <prgn>invoke-rc.d</prgn> will pass any
	      action requests (start, stop, reload, restart...) to the
	      <file>/etc/init.d</file> script, filtering out requests
	      to start or restart a service out of its intended
	      runlevels.
	    </p>

	    <p>
	      Most packages will simply need to change:
	      <example compact="compact">/etc/init.d/&lt;package&gt;
	      &lt;action&gt;</example> in their <prgn>postinst</prgn>
	      and <prgn>prerm</prgn> scripts to:
	      <example compact="compact">
	if which invoke-rc.d >/dev/null 2>&1; then
		invoke-rc.d <var>package</var> &lt;action&gt;
	else
		/etc/init.d/<var>package</var> &lt;action&gt;
	fi
	      </example>
	    </p>

	    <p>
	      A package should register its initscript services using
	      <prgn>update-rc.d</prgn> before it tries to invoke them
	      using <prgn>invoke-rc.d</prgn>. Invocation of
	      unregistered services may fail.
	    </p>

	    <p>
	      For more information about using
	      <prgn>invoke-rc.d</prgn>, please consult its man page
	      <manref name="invoke-rc.d" section="8">.
	    </p>
	  </sect2>
	</sect1>

	<sect1>
	  <heading>Boot-time initialization</heading>

          <p>
            There used to be another directory, <file>/etc/rc.boot</file>,
            which contained scripts which were run once per machine
            boot. This has been deprecated in favour of links from
            <file>/etc/rcS.d</file> to files in <file>/etc/init.d</file> as
            described in <ref id="/etc/init.d">.  Packages must not
            place files in <file>/etc/rc.boot</file>.
	  </p>
	</sect1>

	<sect1>
	  <heading>Example</heading>

	  <p>
	    An example on which you can base your
	    <file>/etc/init.d</file> scripts is found in
	    <file>/etc/init.d/skeleton</file>.
	  </p>

	</sect1>
      </sect>

      <sect>
	<heading>Console messages from <file>init.d</file> scripts</heading>

	<p>
	  This section describes the formats to be used for messages
	  written to standard output by the <file>/etc/init.d</file>
	  scripts.  The intent is to improve the consistency of
	  Debian's startup and shutdown look and feel.  For this
	  reason, please look very carefully at the details.  We want
	  the messages to have the same format in terms of wording,
	  spaces, punctuation and case of letters.
	</p>

	<p>
	  Here is a list of overall rules that should be used for
	  messages generated by <file>/etc/init.d</file> scripts.  
	</p>

	<p>
	  <list>
	    <item>
		The message should fit in one line (fewer than 80
		characters), start with a capital letter and end with
		a period (<tt>.</tt>) and line feed (<tt>"\n"</tt>).
	    </item>

	    <item>
              If the script is performing some time consuming task in
              the background (not merely starting or stopping a
              program, for instance), an ellipsis (three dots:
              <tt>...</tt>) should be output to the screen, with no
              leading or tailing whitespace or line feeds.
	    </item>

	    <item>
              The messages should appear as if the computer is telling
              the user what it is doing (politely :-), but should not
                mention "it" directly.  For example, instead of:
		<example compact="compact">
I'm starting network daemons: nfsd mountd.
		</example>
		the message should say
		<example compact="compact">
Starting network daemons: nfsd mountd.
		</example>
	    </item>
	  </list>
	</p>

	<p>
          <tt>init.d</tt> script should use the following  standard
          message formats for the situations enumerated below.
	</p>

	<p>
	  <list>
	    <item>
	      <p>When daemons are started</p>

	      <p>
		If the script starts one or more daemons, the output
		should look like this (a single line, no leading
		spaces):
		<example compact="compact">
Starting <var>description</var>: <var>daemon-1</var> ... <var>daemon-n</var>.
		</example>
		The <var>description</var> should describe the
		subsystem the daemon or set of daemons are part of,
		while <var>daemon-1</var> up to <var>daemon-n</var>
		denote each daemon's name (typically the file name of
		the program).
	      </p>

	      <p>
		For example, the output of <file>/etc/init.d/lpd</file>
		would look like:
		<example compact="compact">
Starting printer spooler: lpd.
		</example>
	      </p>

	      <p>
		This can be achieved by saying
		<example compact="compact">
echo -n "Starting printer spooler: lpd"
start-stop-daemon --start --quiet --exec /usr/sbin/lpd
echo "."
		</example>
		in the script. If there are more than one daemon to
		start, the output should look like this:
		<example compact="compact">
echo -n "Starting remote file system services:"
echo -n " nfsd"; start-stop-daemon --start --quiet nfsd
echo -n " mountd"; start-stop-daemon --start --quiet mountd
echo -n " ugidd"; start-stop-daemon --start --quiet ugidd
echo "."
		</example>
		This makes it possible for the user to see what is
		happening and when the final daemon has been started.
		Care should be taken in the placement of white spaces:
		in the example above the system administrators can
		easily comment out a line if they don't want to start
		a specific daemon, while the displayed message still
		looks good.
	      </p>
	    </item>

	    <item>
	      <p>When a system parameter is being set</p>

	      <p>
		If you have to set up different system parameters
		during the system boot, you should use this format:
		<example compact="compact">
Setting <var>parameter</var> to "<var>value</var>".
		</example>
	      </p>

	      <p>
		You can use a statement such as the following to get
		the quotes right:
		<example compact="compact">
echo "Setting DNS domainname to \"$domainname\"."
		</example>
	      </p>

	      <p>
                Note that the same symbol (<tt>"</tt>) <!-- " --> is used
                for the left and right quotation marks.  A grave accent
                (<tt>`</tt>) is not a quote character; neither is an
                apostrophe (<tt>'</tt>).
	      </p>
	    </item>

	    <item>
	      <p>When a daemon is stopped or restarted</p>

	      <p>
		When you stop or restart a daemon, you should issue a
		message identical to the startup message, except that
		<tt>Starting</tt> is replaced with <tt>Stopping</tt>
		or <tt>Restarting</tt> respectively.
	      </p>

	      <p>
		For example, stopping the printer daemon will look like
		this:
		<example compact="compact">
Stopping printer spooler: lpd.
		</example>
	      </p>
	    </item>

	    <item>
	      <p>When something is executed</p>

	      <p>
		There are several examples where you have to run a
		program at system startup or shutdown to perform a
		specific task, for example, setting the system's clock
		using <prgn>netdate</prgn> or killing all processes
		when the system shuts down.  Your message should look
		like this:
		<example compact="compact">
Doing something very useful...done.
		</example>
		You should print the <tt>done.</tt> immediately after
		the job has been completed, so that the user is
		informed why they have to wait.  You can get this
		behavior by saying
		<example compact="compact">
echo -n "Doing something very useful..."
do_something
echo "done."
		</example>
		in your script.
	      </p>
	    </item>

	    <item>
	      <p>When the configuration is reloaded</p>

	      <p>
		When a daemon is forced to reload its configuration
		files you should use the following format:
		<example compact="compact">
Reloading <var>description</var> configuration...done.
		</example>
		where <var>description</var> is the same as in the
		daemon starting message.
	      </p>
	    </item>
	  </list>
	</p>
      </sect>

      <sect id="cron-jobs">
	<heading>Cron jobs</heading>

	<p>
	  Packages must not modify the configuration file
	  <file>/etc/crontab</file>, and they must not modify the files in
	  <file>/var/spool/cron/crontabs</file>.
	</p>

	<p>
	  If a package wants to install a job that has to be executed via
	  cron, it should place a file named as specified
	  in <ref id="cron-files"> into one or more of the following
	  directories:
	  <example compact="compact">
/etc/cron.hourly
/etc/cron.daily
/etc/cron.weekly
/etc/cron.monthly
	  </example>
	  As these directory names imply, the files within them are
	  executed on an hourly, daily, weekly, or monthly basis,
	  respectively. The exact times are listed in
	  <file>/etc/crontab</file>.
	</p>

	<p>
	  All files installed in any of these directories must be
	  scripts (e.g., shell scripts or Perl scripts) so that they
	  can easily be modified by the local system administrator.
	  In addition, they must be treated as configuration files.
	</p>

	<p>
	  If a certain job has to be executed at some other frequency or
	  at a specific time, the package should install a file in
	  <file>/etc/cron.d</file> with a name as specified
	  in <ref id="cron-files">.  This file uses the same syntax
	  as <file>/etc/crontab</file> and is processed
	  by <prgn>cron</prgn> automatically. The file must also be
	  treated as a configuration file. (Note that entries in the
	  <file>/etc/cron.d</file> directory are not handled by
	  <prgn>anacron</prgn>. Thus, you should only use this
	  directory for jobs which may be skipped if the system is not
	  running.)
	</p>

	<p>
          Unlike <file>crontab</file> files described in the IEEE Std
          1003.1-2008 (POSIX.1) available from
          <url id="http://www.opengroup.org/onlinepubs/9699919799/"
               name="The Open Group">, the files in
          <file>/etc/cron.d</file> and the file
          <file>/etc/crontab</file> have seven fields; namely:
          <enumlist>
            <item>Minute [0,59]</item>
            <item>Hour [0,23]</item>
            <item>Day of the month [1,31]</item>
            <item>Month of the year [1,12]</item>
            <item>Day of the week ([0,6] with 0=Sunday)</item>
            <item>Username</item>
            <item>Command to be run</item>
          </enumlist>
          Ranges of numbers are allowed.  Ranges are two numbers
          separated with a hyphen.  The specified range is inclusive.
          Lists are allowed.  A list is a set of numbers (or ranges)
          separated by commas. Step values can be used in conjunction
          with ranges.
        </p>

	<p>
	  The scripts or <tt>crontab</tt> entries in these directories should
	  check if all necessary programs are installed before they
	  try to execute them. Otherwise, problems will arise when a
	  package was removed but not purged since configuration files
	  are kept on the system in this situation.
        </p>

        <p>
          Any <tt>cron</tt> daemon must provide
          <file>/usr/bin/crontab</file> and support normal
          <tt>crontab</tt> entries as specified in POSIX. The daemon
          must also support names for days and months, ranges, and
          step values. It has to support <file>/etc/crontab</file>,
          and correctly execute the scripts in
          <file>/etc/cron.d</file>. The daemon must also correctly
          execute scripts in
          <file>/etc/cron.{hourly,daily,weekly,monthly}</file>.
        </p>

	<sect1 id="cron-files">
	  <heading>Cron job file names</heading>

	  <p>
	    The file name of a cron job file should normally match the
	    name of the package from which it comes.
	  </p>

	  <p>
	    If a package supplies multiple cron job files files in the
	    same directory, the file names should all start with the name
	    of the package (possibly modified as described below) followed
	    by a hyphen (<tt>-</tt>) and a suitable suffix.
	  </p>

	  <p>
	    A cron job file name must not include any period or plus
	    characters (<tt>.</tt> or <tt>+</tt>) characters as this will
	    cause cron to ignore the file.  Underscores (<tt>_</tt>)
	    should be used instead of <tt>.</tt> and <tt>+</tt>
	    characters.
	  </p>
	</sect1>
      </sect>

      <sect id="menus">
	<heading>Menus</heading>

	<p>
	  The Debian <tt>menu</tt> package provides a standard
	  interface between packages providing applications and
	  <em>menu programs</em> (either X window managers or
	  text-based menu programs such as <prgn>pdmenu</prgn>).
	</p>

	<p>
	  All packages that provide applications that need not be
	  passed any special command line arguments for normal
	  operation should register a menu entry for those
	  applications, so that users of the <tt>menu</tt> package
	  will automatically get menu entries in their window
	  managers, as well in shells like <tt>pdmenu</tt>.
	</p>

	<p>
          Menu entries should follow the current menu policy.
	</p>

	<p>
	  The menu policy can be found in the <tt>menu-policy</tt>
	  files in the <tt>debian-policy</tt> package.
	  It is also available from the Debian web mirrors at
          <tt><url name="/doc/packaging-manuals/menu-policy/"
		id="http://www.debian.org/doc/packaging-manuals/menu-policy/"></tt>.
	</p>

	<p>
	  Please also refer to the <em>Debian Menu System</em>
	  documentation that comes with the <package>menu</package>
	  package for information about how to register your
	  applications.
	</p>
      </sect>

      <sect id="mime">
	<heading>Multimedia handlers</heading>

	<p>
	  MIME (Multipurpose Internet Mail Extensions, RFCs 2045-2049)
	  is a mechanism for encoding files and data streams and
	  providing meta-information about them, in particular their
	  type (e.g. audio or video) and format (e.g. PNG, HTML,
	  MP3).
	</p>

	<p>
	  Registration of MIME type handlers allows programs like mail
	  user agents and web browsers to invoke these handlers to
	  view, edit or display MIME types they don't support directly.
	</p>

	<p>
	  Packages which provide programs to view/show/play, compose, edit or
	  print MIME types should register them as such by placing a file in
	  <manref name="mailcap" section="5"> format (RFC 1524) in the directory
	  <file>/usr/lib/mime/packages/</file>.  The file name should be the
	  binary package's name.
	</p>

	<p>
	  The <package>mime-support</package> package provides the
	  <prgn>update-mime</prgn> program, which integrates these
	  registrations in the <file>/etc/mailcap</file> file, using dpkg
	  triggers<footnote>
	    Creating, modifying or removing a file in
	    <file>/usr/lib/mime/packages/</file> using maintainer scripts will
	    not activate the trigger.  In that case, it can be done by calling
	    <tt>dpkg-trigger --no-await /usr/lib/mime/packages</tt> from
	    the maintainer script after creating, modifying, or removing
	    the file.
	  </footnote>.
	  Packages using this facility <em>should not</em> depend on,
	  recommend, or suggest <prgn>mime-support</prgn>.
	</p>
      </sect>

      <sect>
	<heading>Keyboard configuration</heading>

	<p>
	  To achieve a consistent keyboard configuration so that all
	  applications interpret a keyboard event the same way, all
	  programs in the Debian distribution must be configured to
	  comply with the following guidelines.
	</p>

	<p>
	  The following keys must have the specified interpretations:

	  <taglist>
	    <tag><tt>&lt;--</tt></tag>
	    <item>delete the character to the left of the cursor</item>

	    <tag><tt>Delete</tt></tag>
	    <item>delete the character to the right of the cursor</item>

	    <tag><tt>Control+H</tt></tag>
	    <item>emacs: the help prefix</item>
	  </taglist>

	  The interpretation of any keyboard events should be
	  independent of the terminal that is used, be it a virtual
	  console, an X terminal emulator, an rlogin/telnet session,
	  etc.
	</p>

	<p>
	  The following list explains how the different programs
	  should be set up to achieve this:
	</p>

	<p>
	  <list>
	    <item>
		<tt>&lt;--</tt> generates <tt>KB_BackSpace</tt> in X.
	    </item>

	    <item>
		<tt>Delete</tt> generates <tt>KB_Delete</tt> in X.
	    </item>

	    <item>
		X translations are set up to make
		<tt>KB_Backspace</tt> generate ASCII DEL, and to make
		<tt>KB_Delete</tt> generate <tt>ESC [ 3 ~</tt> (this
		is the vt220 escape code for the "delete character"
		key).  This must be done by loading the X resources
		using <prgn>xrdb</prgn> on all local X displays, not
		using the application defaults, so that the
		translation resources used correspond to the
		<prgn>xmodmap</prgn> settings.
	    </item>

	    <item>
		The Linux console is configured to make
		<tt>&lt;--</tt> generate DEL, and <tt>Delete</tt>
		generate <tt>ESC [ 3 ~</tt>.
	    </item>

	    <item>
		X applications are configured so that <tt>&lt;</tt>
		deletes left, and <tt>Delete</tt> deletes right.  Motif
		applications already work like this.
	    </item>

	    <item>
		Terminals should have <tt>stty erase ^?</tt> .
	    </item>

	    <item>
		The <tt>xterm</tt> terminfo entry should have <tt>ESC
		[ 3 ~</tt> for <tt>kdch1</tt>, just as for
		<tt>TERM=linux</tt> and <tt>TERM=vt220</tt>.
	    </item>

	    <item>
		Emacs is programmed to map <tt>KB_Backspace</tt> or
		the <tt>stty erase</tt> character to
		<tt>delete-backward-char</tt>, and <tt>KB_Delete</tt>
		or <tt>kdch1</tt> to <tt>delete-forward-char</tt>, and
		<tt>^H</tt> to <tt>help</tt> as always.
	    </item>

	    <item>
		Other applications use the <tt>stty erase</tt>
		character and <tt>kdch1</tt> for the two delete keys,
		with ASCII DEL being "delete previous character" and
		<tt>kdch1</tt> being "delete character under
		cursor".
	    </item>

	  </list>
	</p>

	<p>
	  This will solve the problem except for the following
	  cases:
	</p>

	<p>
	  <list>
	    <item>
		Some terminals have a <tt>&lt;--</tt> key that cannot
		be made to produce anything except <tt>^H</tt>.  On
		these terminals Emacs help will be unavailable on
		<tt>^H</tt> (assuming that the <tt>stty erase</tt>
		character takes precedence in Emacs, and has been set
		correctly).  <tt>M-x help</tt> or <tt>F1</tt> (if
		available) can be used instead.
	    </item>

	    <item>
		Some operating systems use <tt>^H</tt> for <tt>stty
		erase</tt>.  However, modern telnet versions and all
		rlogin versions propagate <tt>stty</tt> settings, and
		almost all UNIX versions honour <tt>stty erase</tt>.
		Where the <tt>stty</tt> settings are not propagated
		correctly, things can be made to work by using
		<tt>stty</tt> manually.
	    </item>

	    <item>
		Some systems (including previous Debian versions) use
		<prgn>xmodmap</prgn> to arrange for both
		<tt>&lt;--</tt> and <tt>Delete</tt> to generate
		<tt>KB_Delete</tt>.  We can change the behavior of
		their X clients using the same X resources that we use
		to do it for our own clients, or configure our clients
		using their resources when things are the other way
		around.  On displays configured like this
		<tt>Delete</tt> will not work, but <tt>&lt;--</tt>
		will.
	    </item>

	    <item>
		Some operating systems have different <tt>kdch1</tt>
		settings in their <tt>terminfo</tt> database for
		<tt>xterm</tt> and others.  On these systems the
		<tt>Delete</tt> key will not work correctly when you
		log in from a system conforming to our policy, but
		<tt>&lt;--</tt> will.
	    </item>
	  </list>
	</p>
      </sect>

      <sect>
	<heading>Environment variables</heading>

	<p>
	  A program must not depend on environment variables to get
	  reasonable defaults.  (That's because these environment
	  variables would have to be set in a system-wide
	  configuration file like <file>/etc/profile</file>, which is not
	  supported by all shells.)
	</p>

	<p>
	  If a program usually depends on environment variables for its
	  configuration, the program should be changed to fall back to
	  a reasonable default configuration if these environment
	  variables are not present. If this cannot be done easily
	  (e.g., if the source code of a non-free program is not
	  available), the program must be replaced by a small
	  "wrapper" shell script which sets the environment variables
	  if they are not already defined, and calls the original program.
	</p>

	<p>
	  Here is an example of a wrapper script for this purpose:

	  <example compact="compact">
#!/bin/sh
BAR=${BAR:-/var/lib/fubar}
export BAR
exec /usr/lib/foo/foo "$@"
	  </example>
	</p>

	<p>
	  Furthermore, as <file>/etc/profile</file> is a configuration
	  file of the <prgn>base-files</prgn> package, other packages must
	  not put any environment variables or other commands into that
	  file.
	</p>
      </sect>

      <sect id="doc-base">
	<heading>Registering Documents using doc-base</heading>

	<p>
	  The <package>doc-base</package> package implements a
	  flexible mechanism for handling and presenting
	  documentation. The recommended practice is for every Debian
	  package that provides online documentation (other than just
	  manual pages) to register these documents with
	  <package>doc-base</package> by installing a
	  <package>doc-base</package> control file in
	  <file>/usr/share/doc-base/</file>.
	</p> 
	<p>
	  Please refer to the documentation that comes with the
	  <package>doc-base</package>  package for information and
	  details. 
	</p>
      </sect>

      <sect id="alternateinit">
        <heading>Alternate init systems</heading>
        <p>
          A number of other init systems are available now in Debian that
          can be used in place of <package>sysvinit</package>.  Alternative
          init implementations must support running SysV init scripts as
          described at <ref id="sysvinit"> for compatibility.
        </p>
        <p>
          Packages may integrate with these replacement init systems by
          providing implementation-specific configuration information about
          how and when to start a service or in what order to run certain
          tasks at boot time.  However, any package integrating with other
          init systems must also be backwards-compatible with
          <package>sysvinit</package> by providing a SysV-style init script
          with the same name as and equivalent functionality to any
          init-specific job, as this is the only start-up configuration
          method guaranteed to be supported by all init implementations.  An
          exception to this rule is scripts or jobs provided by the init
          implementation itself; such jobs may be required for an
          implementation-specific equivalent of the <file>/etc/rcS.d/</file>
          scripts and may not have a one-to-one correspondence with the init
          scripts.
        </p>
        <sect1 id="upstart">
          <heading>Event-based boot with upstart</heading>

	  <p>
            Packages may integrate with the <prgn>upstart</prgn> event-based
            boot system by installing job files in the
            <file>/etc/init</file> directory.  SysV init scripts for which
            an equivalent upstart job is available must query the output of
            the command <prgn>initctl version</prgn> for the string
            <tt>upstart</tt> and avoid running in favor of the native
            upstart job, using a test such as this:
	    <example compact="compact">
if [ "$1" = start ] && which initctl >/dev/null && initctl version | grep -q upstart
then
	exit 1
fi
	    </example>
          </p>
          <p>
            Because packages shipping upstart jobs may be installed on
            systems that are not using upstart, maintainer scripts must
            still use the common <prgn>update-rc.d</prgn> and
            <prgn>invoke-rc.d</prgn> interfaces for configuring runlevels
            and for starting and stopping services.  These maintainer
            scripts must not call the upstart <prgn>start</prgn>,
            <prgn>restart</prgn>, <prgn>reload</prgn>, or <prgn>stop</prgn>
            interfaces directly.  Instead, implementations of
            <prgn>invoke-rc.d</prgn> must detect when upstart is running and
            when an upstart job with the same name as an init script is
            present, and perform the requested action using the upstart job
            instead of the init script.
          </p>
          <p>
            Dependency-based boot managers for SysV init scripts, such as
            <prgn>startpar</prgn>, may avoid running a given init script
            entirely when an equivalent upstart job is present, to avoid
            unnecessary forking of no-op init scripts.  In this case, the
            boot manager should integrate with upstart to detect when the
            upstart job in question is started or stopped to know when the
            dependency has been satisfied.
          </p>
         </sect1>
      </sect>

    </chapt>


    <chapt id="files">
      <heading>Files</heading>

      <sect id="binaries">
	<heading>Binaries</heading>

	<p>
	  Two different packages must not install programs with
	  different functionality but with the same filenames.  (The
	  case of two programs having the same functionality but
	  different implementations is handled via "alternatives" or
	  the "Conflicts" mechanism.  See <ref id="maintscripts"> and
	  <ref id="conflicts"> respectively.)  If this case happens,
	  one of the programs must be renamed.  The maintainers should
	  report this to the <tt>debian-devel</tt> mailing list and
	  try to find a consensus about which program will have to be
	  renamed.  If a consensus cannot be reached, <em>both</em>
	  programs must be renamed.
	</p>
	<p>
          Binary executables must not be statically linked with the GNU C
          library, since this prevents the binary from benefiting from
          fixes and improvements to the C library without being rebuilt
          and complicates security updates.  This requirement may be
          relaxed for binary executables whose intended purpose is to
          diagnose and fix the system in situations where the GNU C
          library may not be usable (such as system recovery shells or
          utilities like ldconfig) or for binary executables where the
          security benefits of static linking outweigh the drawbacks.
	</p>
	<p>
         By default, when a package is being built, any binaries
         created should include debugging information, as well as
         being compiled with optimization.  You should also turn on
         as many reasonable compilation warnings as possible; this
         makes life easier for porters, who can then look at build
         logs for possible problems.  For the C programming language,
         this means the following compilation parameters should be
         used:
	  <example compact="compact">
CC = gcc
CFLAGS = -O2 -g -Wall # sane warning options vary between programs
LDFLAGS = # none
INSTALL = install -s # (or use strip on the files in debian/tmp)
	  </example>
	</p>

	<p>
	  Note that by default all installed binaries should be stripped,
	  either by using the <tt>-s</tt> flag to
	  <prgn>install</prgn>, or by calling <prgn>strip</prgn> on
	  the binaries after they have been copied into
	  <file>debian/tmp</file> but before the tree is made into a
	  package.
	</p>

	<p>
	  Although binaries in the build tree should be compiled with
	  debugging information by default, it can often be difficult to
	  debug programs if they are also subjected to compiler
	  optimization.  For this reason, it is recommended to support the
	  standardized environment variable <tt>DEB_BUILD_OPTIONS</tt>
	  (see <ref id="debianrules-options">).  This variable can contain
	  several flags to change how a package is compiled and built.
	</p>

	<p>
	  It is up to the package maintainer to decide what
	  compilation options are best for the package.  Certain
	  binaries (such as computationally-intensive programs) will
	  function better with certain flags (<tt>-O3</tt>, for
	  example); feel free to use them.  Please use good judgment
	  here.  Don't use flags for the sake of it; only use them
	  if there is good reason to do so.  Feel free to override
	  the upstream author's ideas about which compilation
	  options are best: they are often inappropriate for our
	  environment.
	</p>
      </sect>


      <sect id="libraries">
	<heading>Libraries</heading>

        <p>
          If the package is <strong>architecture: any</strong>, then
          the shared library compilation and linking flags must have
          <tt>-fPIC</tt>, or the package shall not build on some of
          the supported architectures<footnote>
            <p>
              If you are using GCC, <tt>-fPIC</tt> produces code with
              relocatable position independent code, which is required for
              most architectures to create a shared library, with i386 and
              perhaps some others where non position independent code is
              permitted in a shared library.
            </p>
            <p>
              Position independent code may have a performance penalty,
              especially on <tt>i386</tt>. However, in most cases the
              speed penalty must be measured against the memory wasted on
              the few architectures where non position independent code is
              even possible.
            </p>
          </footnote>. Any exception to this rule must be discussed on
          the mailing list <em>debian-devel@lists.debian.org</em>, and
          a rough consensus obtained.  The reasons for not compiling
          with <tt>-fPIC</tt> flag must be recorded in the file
          <tt>README.Debian</tt>, and care must be taken to either
          restrict the architecture or arrange for <tt>-fPIC</tt> to
          be used on architectures where it is required.<footnote>
            <p>
              Some of the reasons why this might be required is if the
              library contains hand crafted assembly code that is not
              relocatable, the speed penalty is excessive for compute
              intensive libs, and similar reasons.
            </p>
          </footnote>
        </p>
	<p>
          As to the static libraries, the common case is not to have
          relocatable code, since there is no benefit, unless in specific
          cases; therefore the static version must not be compiled
          with the <tt>-fPIC</tt> flag. Any exception to this rule
          should be discussed on the mailing list
          <em>debian-devel@lists.debian.org</em>,  and the reasons for
          compiling with the <tt>-fPIC</tt> flag must be recorded in
          the file <tt>README.Debian</tt>. <footnote>
            <p>
              Some of the reasons for linking static libraries with
              the <tt>-fPIC</tt> flag are if, for example, one needs a
              Perl API for a library that is under rapid development,
              and has an unstable API, so shared libraries are
              pointless at this phase of the library's development. In
              that case, since Perl needs a library with relocatable
              code, it may make sense to create a static library with
              relocatable code. Another reason cited is if you are
              distilling various libraries into a common shared
              library, like <tt>mklibs</tt> does in the Debian
              installer project.
            </p>
          </footnote>
	</p>
        <p>
          In other words, if both a shared and a static library is
          being built, each source unit (<tt>*.c</tt>, for example,
          for C files) will need to be compiled twice, for the normal
          case. 
        </p>

	<p>
	  Libraries should be built with threading support and to be
	  thread-safe if the library supports this.
	</p>

        <p>
          Although not enforced by the build tools, shared libraries
          must be linked against all libraries that they use symbols from
          in the same way that binaries are.  This ensures the correct
          functioning of the <qref id="sharedlibs-symbols">symbols</qref>
          and <qref id="sharedlibs-shlibdeps">shlibs</qref>
          systems and guarantees that all libraries can be safely opened
          with <tt>dlopen()</tt>.  Packagers may wish to use the gcc
          option <tt>-Wl,-z,defs</tt> when building a shared library.
          Since this option enforces symbol resolution at build time,
          a missing library reference will be caught early as a fatal
          build error.
        </p>

	<p>
	  All installed shared libraries should be stripped with
	  <example compact="compact">
strip --strip-unneeded <var>your-lib</var>
	  </example>
	  (The option <tt>--strip-unneeded</tt> makes
	  <prgn>strip</prgn> remove only the symbols which aren't
	  needed for relocation processing.)  Shared libraries can
	  function perfectly well when stripped, since the symbols for
	  dynamic linking are in a separate part of the ELF object
	  file.<footnote>
	      You might also want to use the options
	      <tt>--remove-section=.comment</tt> and
	      <tt>--remove-section=.note</tt> on both shared libraries
	      and executables, and <tt>--strip-debug</tt> on static
	      libraries.
	  </footnote>
	</p>

	<p>
	  Note that under some circumstances it may be useful to
	  install a shared library unstripped, for example when
	  building a separate package to support debugging.
	</p>

 	<p>
	  Shared object files (often <file>.so</file> files) that are not
	  public libraries, that is, they are not meant to be linked
	  to by third party executables (binaries of other packages),
	  should be installed in subdirectories of the
	  <file>/usr/lib</file> directory.  Such files are exempt from the
	  rules that govern ordinary shared libraries, except that
	  they must not be installed executable and should be
	  stripped.<footnote>
	      A common example are the so-called "plug-ins",
	      internal shared objects that are dynamically loaded by
	      programs using <manref name="dlopen" section="3">.
	  </footnote>
	</p>

	<p>
	  Packages that use <prgn>libtool</prgn> to create and install
	  their shared libraries install a file containing additional
	  metadata (ending in <file>.la</file>) alongside the library.
	  For public libraries intended for use by other packages, these
	  files normally should not be included in the Debian package,
	  since the information they include is not necessary to link with
	  the shared library on Debian and can add unnecessary additional
	  dependencies to other programs or libraries.<footnote>
	    These files store, among other things, all libraries on which
	    that shared library depends.  Unfortunately, if
	    the <file>.la</file> file is present and contains that
	    dependency information, using <prgn>libtool</prgn> when
	    linking against that library will cause the resulting program
	    or library to be linked against those dependencies as well,
	    even if this is unnecessary.  This can create unneeded
	    dependencies on shared library packages that would otherwise
	    be hidden behind the library ABI, and can make library
	    transitions to new SONAMEs unnecessarily complicated and
	    difficult to manage.
	  </footnote>
	  If the <file>.la</file> file is required for that library (if,
	  for instance, it's loaded via <tt>libltdl</tt> in a way that
	  requires that meta-information), the <tt>dependency_libs</tt>
	  setting in the <file>.la</file> file should normally be set to
	  the empty string.  If the shared library development package has
	  historically included the <file>.la</file>, it must be retained
	  in the development package (with <tt>dependency_libs</tt>
	  emptied) until all libraries that depend on it have removed or
	  emptied <tt>dependency_libs</tt> in their <file>.la</file>
	  files to prevent linking with those other libraries
	  using <prgn>libtool</prgn> from failing.
	</p>

	<p>
	  If the <file>.la</file> must be included, it should be included
	  in the development (<tt>-dev</tt>) package, unless the library
	  will be loaded by <prgn>libtool</prgn>'s <tt>libltdl</tt>
	  library.  If it is intended for use with <tt>libltdl</tt>,
	  the <file>.la</file> files must go in the run-time library
	  package.
	</p>

	<p>
	  These requirements for handling of <file>.la</file> files do not
	  apply to loadable modules or libraries not installed in
	  directories searched by default by the dynamic linker.  Packages
	  installing loadable modules will frequently need to install
	  the <file>.la</file> files alongside the modules so that they
	  can be loaded by <tt>libltdl</tt>.  <tt>dependency_libs</tt>
	  does not need to be modified for libraries or modules that are
	  not installed in directories searched by the dynamic linker by
	  default and not intended for use by other packages.
	</p>

	<p>
	  You must make sure that you use only released versions of
	  shared libraries to build your packages; otherwise other
	  users will not be able to run your binaries
	  properly. Producing source packages that depend on
	  unreleased compilers is also usually a bad
	  idea.
	</p>
      </sect>


      <sect>
	<heading>Shared libraries</heading>
	<p>
	  This section has moved to <ref id="sharedlibs">.
	</p>
      </sect>


      <sect id="scripts">
	<heading>Scripts</heading>

	<p>
	  All command scripts, including the package maintainer
	  scripts inside the package and used by <prgn>dpkg</prgn>,
	  should have a <tt>#!</tt> line naming the shell to be used
	  to interpret them.
	</p>

	<p>
	  In the case of Perl scripts this should be
	  <tt>#!/usr/bin/perl</tt>.
	</p>

        <p>
          When scripts are installed into a directory in the system
          PATH, the script name should not include an extension such
          as <tt>.sh</tt> or <tt>.pl</tt> that denotes the scripting
          language currently used to implement it.
        </p>
	<p>
	  Shell scripts (<prgn>sh</prgn> and <prgn>bash</prgn>) other than
	  <file>init.d</file> scripts should almost certainly start
	  with <tt>set -e</tt> so that errors are detected.
	  <file>init.d</file> scripts are something of a special case, due
	  to how frequently they need to call commands that are allowed to
	  fail, and it may instead be easier to check the exit status of
	  commands directly.  See <ref id="writing-init"> for more
	  information about writing <file>init.d</file> scripts.
	</p>
	<p>
	  Every script should use <tt>set -e</tt> or check the exit status
	  of <em>every</em> command.
	</p>
	<p>
	  Scripts may assume that <file>/bin/sh</file> implements the
	  SUSv3 Shell Command Language<footnote>
	    Single UNIX Specification, version 3, which is also IEEE
	    1003.1-2004 (POSIX), and is available on the World Wide Web
	    from <url id="http://www.unix.org/version3/online.html"
		      name="The Open Group"> after free
	    registration.</footnote>
	  plus the following additional features not mandated by
	  SUSv3:<footnote>
	    These features are in widespread use in the Linux community
	    and are implemented in all of bash, dash, and ksh, the most
	    common shells users may wish to use as <file>/bin/sh</file>.
	  </footnote>
	  <list>
	    <item><tt>echo -n</tt>, if implemented as a shell built-in,
	      must not generate a newline.</item>
	    <item><tt>test</tt>, if implemented as a shell built-in, must
	      support <tt>-a</tt> and <tt>-o</tt> as binary logical
	      operators.</item>
	    <item><tt>local</tt> to create a scoped variable must be
	      supported, including listing multiple variables in a single
	      local command and assigning a value to a variable at the
	      same time as localizing it.  <tt>local</tt> may or
	      may not preserve the variable value from an outer scope if
	      no assignment is present.	 Uses such as:
<example compact>
fname () {
    local a b c=delta d
    # ... use a, b, c, d ...
}
</example>
	      must be supported and must set the value of <tt>c</tt> to
	      <tt>delta</tt>.
	    </item>
	    <item>The XSI extension to <prgn>kill</prgn> allowing <tt>kill
	      -<var>signal</var></tt>, where <var>signal</var> is either
	      the name of a signal or one of the numeric signals listed in
	      the XSI extension (0, 1, 2, 3, 6, 9, 14, and 15), must be
	      supported if <prgn>kill</prgn> is implemented as a shell
	      built-in.
	    </item>
	    <item>The XSI extension to <prgn>trap</prgn> allowing numeric
	      signals must be supported.  In addition to the signal
	      numbers listed in the extension, which are the same as for
	      <prgn>kill</prgn> above, 13 (SIGPIPE) must be allowed.
	    </item>
	  </list>
	  If a shell script requires non-SUSv3 features from the shell
	  interpreter other than those listed above, the appropriate shell
	  must be specified in the first line of the script (e.g.,
	  <tt>#!/bin/bash</tt>) and the package must depend on the package
	  providing the shell (unless the shell package is marked
	  "Essential", as in the case of <prgn>bash</prgn>).
	</p>

	<p>
	  You may wish to restrict your script to SUSv3 features plus the
	  above set when possible so that it may use <file>/bin/sh</file>
	  as its interpreter.  Checking your script
	  with <prgn>checkbashisms</prgn> from
	  the <package>devscripts</package> package or running your script
	  with an alternate shell such as <prgn>posh</prgn> may help
	  uncover violations of the above requirements.  If in doubt
	  whether a script complies with these requirements,
	  use <file>/bin/bash</file>.
	</p>

	<p>
	  Perl scripts should check for errors when making any
	  system calls, including <tt>open</tt>, <tt>print</tt>,
	  <tt>close</tt>, <tt>rename</tt> and <tt>system</tt>.
	</p>

	<p>
	  <prgn>csh</prgn> and <prgn>tcsh</prgn> should be avoided as
	  scripting languages.  See <em>Csh Programming Considered
	  Harmful</em>, one of the <tt>comp.unix.*</tt> FAQs, which
	  can be found at <url id="http://www.faqs.org/faqs/unix-faq/shell/csh-whynot/">.
	  If an upstream package comes with <prgn>csh</prgn> scripts
	  then you must make sure that they start with
	  <tt>#!/bin/csh</tt> and make your package depend on the
	  <prgn>c-shell</prgn> virtual package.
	</p>

	<p>
	  Any scripts which create files in world-writeable
	  directories (e.g., in <file>/tmp</file>) must use a
	  mechanism which will fail atomically if a file with the same
	  name already exists.
	</p>

	<p>
	  The Debian base system provides the <prgn>tempfile</prgn>
	  and <prgn>mktemp</prgn> utilities for use by scripts for
	  this purpose.
	</p>
      </sect>


      <sect>
	<heading>Symbolic links</heading>

	<p>
	  In general, symbolic links within a top-level directory should
	  be relative, and symbolic links pointing from one top-level
	  directory to or into another should be absolute. (A top-level
	  directory is a sub-directory of the root
	  directory <file>/</file>.)  For example, a symbolic link
	  from <file>/usr/lib/foo</file> to <file>/usr/share/bar</file>
	  should be relative (<file>../share/bar</file>), but a symbolic
	  link from <file>/var/run</file> to <file>/run</file> should be
	  absolute.<footnote>
	    This is necessary to allow top-level directories to be
	    symlinks.  If linking <file>/var/run</file>
	    to <file>/run</file> were done with the relative symbolic
	    link <file>../run</file>, but <file>/var</file> were a
	    symbolic link to <file>/srv/disk1</file>, the symbolic link
	    would point to <file>/srv/run</file> rather than the intended
	    target.
	  </footnote>
	  Symbolic links must not traverse above the root directory.
	</p>

	<p>
	  In addition, symbolic links should be specified as short as
	  possible, i.e., link targets like <file>foo/../bar</file> are
	  deprecated.
	</p>

	<p>
	  Note that when creating a relative link using
	  <prgn>ln</prgn> it is not necessary for the target of the
	  link to exist relative to the working directory you're
	  running <prgn>ln</prgn> from, nor is it necessary to change
	  directory to the directory where the link is to be made.
	  Simply include the string that should appear as the target
	  of the link (this will be a pathname relative to the
	  directory in which the link resides) as the first argument
	  to <prgn>ln</prgn>.
	</p>

	<p>
	  For example, in your <prgn>Makefile</prgn> or
	  <file>debian/rules</file>, you can do things like:
	  <example compact="compact">
ln -fs gcc $(prefix)/bin/cc
ln -fs gcc debian/tmp/usr/bin/cc
ln -fs ../sbin/sendmail $(prefix)/bin/runq
ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
	  </example>
	</p>

	<p>
	  A symbolic link pointing to a compressed file (in the sense
	  that it is meant to be uncompressed with <prgn>unzip</prgn>
	  or <prgn>zless</prgn> etc.) should always
	  have the same file extension as the referenced file. (For
	  example, if a file <file>foo.gz</file> is referenced by a
	  symbolic link, the filename of the link has to end with
	  "<file>.gz</file>" too, as in <file>bar.gz</file>.)
	</p>
      </sect>

      <sect>
	<heading>Device files</heading>

	<p>
	  Packages must not include device files or named pipes in the
	  package file tree.
	</p>

	<p>
	  If a package needs any special device files that are not
	  included in the base system, it must call
	  <prgn>MAKEDEV</prgn> in the <prgn>postinst</prgn> script,
	  after notifying the user<footnote>
	      This notification could be done via a (low-priority)
	      debconf message, or an echo (printf) statement.
	  </footnote>.
	</p>

	<p>
	  Packages must not remove any device files in the
	  <prgn>postrm</prgn> or any other script. This is left to the
	  system administrator.
	</p>

	<p>
	  Debian uses the serial devices
	  <file>/dev/ttyS*</file>. Programs using the old
	  <file>/dev/cu*</file> devices should be changed to use
	  <file>/dev/ttyS*</file>.
	</p>

	<p>
	  Named pipes needed by the package must be created in
	  the <prgn>postinst</prgn> script<footnote>
	    It's better to use <prgn>mkfifo</prgn> rather
	    than <prgn>mknod</prgn> to create named pipes so that
	    automated checks for packages incorrectly creating device
	    files with <prgn>mknod</prgn> won't have false positives.
	  </footnote> and removed in
	  the <prgn>prerm</prgn> or <prgn>postrm</prgn> script as
	  appropriate.
	</p>
      </sect>

      <sect id="config-files">
	<heading>Configuration files</heading>

	<sect1>
	  <heading>Definitions</heading>

	  <p>
	    <taglist>
	      <tag>configuration file</tag>
	      <item>
		  A file that affects the operation of a program, or
		  provides site- or host-specific information, or
		  otherwise customizes the behavior of a program.
		  Typically, configuration files are intended to be
		  modified by the system administrator (if needed or
		  desired) to conform to local policy or to provide
		  more useful site-specific behavior.
	      </item>

	      <tag><tt>conffile</tt></tag>
	      <item>
		  A file listed in a package's <tt>conffiles</tt>
		  file, and is treated specially by <prgn>dpkg</prgn>
		  (see <ref id="configdetails">).
	      </item>
	    </taglist>
	  </p>

	  <p>
	    The distinction between these two is important; they are
	    not interchangeable concepts. Almost all
	    <tt>conffile</tt>s are configuration files, but many
	    configuration files are not <tt>conffiles</tt>.
	  </p>

	  <p>
	    As noted elsewhere, <file>/etc/init.d</file> scripts,
	    <file>/etc/default</file> files, scripts installed in
	    <file>/etc/cron.{hourly,daily,weekly,monthly}</file>, and cron
	    configuration installed in <file>/etc/cron.d</file> must be
	    treated as configuration files.  In general, any script that
	    embeds configuration information is de-facto a configuration
	    file and should be treated as such.
	  </p>
	</sect1>

	<sect1>
	  <heading>Location</heading>

	  <p>
	    Any configuration files created or used by your package
	    must reside in <file>/etc</file>. If there are several,
	    consider creating a subdirectory of <file>/etc</file>
	    named after your package.
	  </p>

	  <p>
	    If your package creates or uses configuration files
	    outside of <file>/etc</file>, and it is not feasible to modify
	    the package to use <file>/etc</file> directly, put the files
	    in <file>/etc</file> and create symbolic links to those files
	    from the location that the package requires.
	  </p>
	</sect1>

	<sect1>
	  <heading>Behavior</heading>

	  <p>
	    Configuration file handling must conform to the following
	    behavior:
	    <list compact="compact">
	      <item>
		  local changes must be preserved during a package
		  upgrade, and
	      </item>
	      <item>
		  configuration files must be preserved when the
		  package is removed, and only deleted when the
		  package is purged.
	      </item>
	    </list>
	    Obsolete configuration files without local changes should be
	    removed by the package during upgrade.<footnote>
	      The <prgn>dpkg-maintscript-helper</prgn> tool, available from the
	      <package>dpkg</package> package, can help for this task.</footnote>
	  </p>

	  <p>
	    The easy way to achieve this behavior is to make the
	    configuration file a <tt>conffile</tt>. This is
	    appropriate only if it is possible to distribute a default
	    version that will work for most installations, although
	    some system administrators may choose to modify it. This
	    implies that the default version will be part of the
	    package distribution, and must not be modified by the
	    maintainer scripts during installation (or at any other
	    time).
	  </p>

	  <p>
	    In order to ensure that local changes are preserved
	    correctly, no package may contain or make hard links to
	    conffiles.<footnote>
		Rationale: There are two problems with hard links.
		The first is that some editors break the link while
		editing one of the files, so that the two files may
		unwittingly become unlinked and different.  The second
		is that <prgn>dpkg</prgn> might break the hard link
		while upgrading <tt>conffile</tt>s.
	    </footnote>
	  </p>

	  <p>
	    The other way to do it is via the maintainer scripts.  In
	    this case, the configuration file must not be listed as a
	    <tt>conffile</tt> and must not be part of the package
	    distribution. If the existence of a file is required for
	    the package to be sensibly configured it is the
	    responsibility of the package maintainer to provide
	    maintainer scripts which correctly create, update and
	    maintain the file and remove it on purge.  (See <ref
	    id="maintainerscripts"> for more information.)  These
	    scripts must be idempotent (i.e., must work correctly if
	    <prgn>dpkg</prgn> needs to re-run them due to errors
	    during installation or removal), must cope with all the
	    variety of ways <prgn>dpkg</prgn> can call maintainer
	    scripts, must not overwrite or otherwise mangle the user's
	    configuration without asking, must not ask unnecessary
	    questions (particularly during upgrades), and must
	    otherwise be good citizens.
	  </p>

	  <p>
	    The scripts are not required to configure every possible
	    option for the package, but only those necessary to get
	    the package running on a given system. Ideally the
	    sysadmin should not have to do any configuration other
	    than that done (semi-)automatically by the
	    <prgn>postinst</prgn> script.
	  </p>

	  <p>
	    A common practice is to create a script called
	    <file><var>package</var>-configure</file> and have the
	    package's <prgn>postinst</prgn> call it if and only if the
	    configuration file does not already exist.  In certain
	    cases it is useful for there to be an example or template
	    file which the maintainer scripts use.  Such files should
	    be in <file>/usr/share/<var>package</var></file> or
	    <file>/usr/lib/<var>package</var></file> (depending on whether
	    they are architecture-independent or not).  There should
	    be symbolic links to them from
	    <file>/usr/share/doc/<var>package</var>/examples</file> if
	    they are examples, and should be perfectly ordinary
	    <prgn>dpkg</prgn>-handled files (<em>not</em>
	    configuration files).
	  </p>

	  <p>
	    These two styles of configuration file handling must
	    not be mixed, for that way lies madness:
	    <prgn>dpkg</prgn> will ask about overwriting the file
	    every time the package is upgraded.
	  </p>
	</sect1>

	<sect1>
	  <heading>Sharing configuration files</heading>

	  <p>
	    If two or more packages use the same configuration file
	    and it is reasonable for both to be installed at the same
	    time, one of these packages must be defined as
	    <em>owner</em> of the configuration file, i.e., it will be
	    the package which handles that file as a configuration
	    file.  Other packages that use the configuration file must
	    depend on the owning package if they require the
	    configuration file to operate. If the other package will
	    use the configuration file if present, but is capable of
	    operating without it, no dependency need be declared.
	  </p>

	  <p>
	    If it is desirable for two or more related packages to
	    share a configuration file <em>and</em> for all of the
	    related packages to be able to modify that configuration
	    file, then the following should be done:
	    <enumlist compact="compact">
	      <item>
		  One of the related packages (the "owning" package)
		  will manage the configuration file with maintainer
		  scripts as described in the previous section.
	      </item>
	      <item>
		  The owning package should also provide a program
		  that the other packages may use to modify the
		  configuration file.
	      </item>
	      <item>
		  The related packages must use the provided program
		  to make any desired modifications to the
		  configuration file.  They should either depend on
		  the core package to guarantee that the configuration
		  modifier program is available or accept gracefully
		  that they cannot modify the configuration file if it
		  is not.  (This is in addition to the fact that the
		  configuration file may not even be present in the
		  latter scenario.)
	      </item>
	    </enumlist>
	  </p>

	  <p>
	    Sometimes it's appropriate to create a new package which
	    provides the basic infrastructure for the other packages
	    and which manages the shared configuration files.  (The
	    <tt>sgml-base</tt> package is a good example.)
	  </p>

	  <p>
	    If the configuration file cannot be shared as described above,
	    the packages must be marked as conflicting with each other.
	    Two packages that specify the same file as
	    a <tt>conffile</tt> must conflict.  This is an instance of the
	    general rule about not sharing files.  Neither alternatives
	    nor diversions are likely to be appropriate in this case; in
	    particular, <prgn>dpkg</prgn> does not handle diverted
	    <tt>conffile</tt>s well.
	  </p>

	  <p>
	    When two packages both declare the same <tt>conffile</tt>, they
	    may see left-over configuration files from each other even
	    though they conflict with each other.  If a user removes
	    (without purging) one of the packages and installs the other,
	    the new package will take over the <tt>conffile</tt> from the
	    old package.  If the file was modified by the user, it will be
	    treated the same as any other locally
	    modified <tt>conffile</tt> during an upgrade.
	  </p>

	  <p>
	    The maintainer scripts must not alter a <tt>conffile</tt>
	    of <em>any</em> package, including the one the scripts
	    belong to.
	  </p>
	</sect1>

	<sect1>
	  <heading>User configuration files ("dotfiles")</heading>

	  <p>
	    The files in <file>/etc/skel</file> will automatically be
	    copied into new user accounts by <prgn>adduser</prgn>.
	    No other program should reference the files in
	    <file>/etc/skel</file>.
	  </p>

	  <p>
	    Therefore, if a program needs a dotfile to exist in
	    advance in <file>$HOME</file> to work sensibly, that dotfile
	    should be installed in <file>/etc/skel</file> and treated as a
	    configuration file.
	  </p>

	  <p>
	    However, programs that require dotfiles in order to
	    operate sensibly are a bad thing, unless they do create
	    the dotfiles themselves automatically.
	  </p>

	  <p>
	    Furthermore, programs should be configured by the Debian
	    default installation to behave as closely to the upstream
	    default behavior as possible.
	  </p>

	  <p>
	    Therefore, if a program in a Debian package needs to be
	    configured in some way in order to operate sensibly, that
	    should be done using a site-wide configuration file placed
	    in <file>/etc</file>.  Only if the program doesn't support a
	    site-wide default configuration and the package maintainer
	    doesn't have time to add it may a default per-user file be
	    placed in <file>/etc/skel</file>.
	  </p>

	  <p>
	    <file>/etc/skel</file> should be as empty as we can make it.
	    This is particularly true because there is no easy (or
	    necessarily desirable) mechanism for ensuring that the
	    appropriate dotfiles are copied into the accounts of
	    existing users when a package is installed.
	  </p>
	</sect1>
      </sect>

      <sect>
	<heading>Log files</heading>
	<p>
	  Log files should usually be named
	  <file>/var/log/<var>package</var>.log</file>.  If you have many
	  log files, or need a separate directory for permission
	  reasons (<file>/var/log</file> is writable only by
	  <file>root</file>), you should usually create a directory named
	  <file>/var/log/<var>package</var></file> and place your log
	  files there.
	</p>

	<p>
	  Log files must be rotated occasionally so that they don't grow
	  indefinitely.  The best way to do this is to install a log
	  rotation configuration file in the
	  directory <file>/etc/logrotate.d</file>, normally
	  named <file>/etc/logrotate.d/<var>package</var></file>, and use
	  the facilities provided by <prgn>logrotate</prgn>.
	  <footnote>
	    <p>
	      The traditional approach to log files has been to set up
	      <em>ad hoc</em> log rotation schemes using simple shell
	      scripts and cron.  While this approach is highly
	      customizable, it requires quite a lot of sysadmin work.
	      Even though the original Debian system helped a little
	      by automatically installing a system which can be used
	      as a template, this was deemed not enough.
	    </p>

	    <p>
	      The use of <prgn>logrotate</prgn>, a program developed
	      by Red Hat, is better, as it centralizes log management.
	      It has both a configuration file
	      (<file>/etc/logrotate.conf</file>) and a directory where
	      packages can drop their individual log rotation
	      configurations (<file>/etc/logrotate.d</file>).
	    </p>
	  </footnote>
	  Here is a good example for a logrotate config
	  file (for more information see <manref name="logrotate"
	    section="8">):
	  <example compact="compact">
/var/log/foo/*.log {
    rotate 12
    weekly
    compress
    missingok
    postrotate
        start-stop-daemon -K -p /var/run/foo.pid -s HUP -x /usr/sbin/foo -q
    endscript
}
	  </example>
	  This rotates all files under <file>/var/log/foo</file>, saves 12
	  compressed generations, and tells the daemon to reopen its log
	  files after the log rotation.  It skips this log rotation
	  (via <tt>missingok</tt>) if no such log file is present, which
	  avoids errors if the package is removed but not purged.
	</p>

	<p>
	  Log files should be removed when the package is
	  purged (but not when it is only removed).  This should be
	  done by the <prgn>postrm</prgn> script when it is called
	  with the argument <tt>purge</tt> (see <ref
	  id="removedetails">).
	</p>
      </sect>

      <sect id="permissions-owners">
	<heading>Permissions and owners</heading>

	<p>
	  The rules in this section are guidelines for general use.
	  If necessary you may deviate from the details below.
	  However, if you do so you must make sure that what is done
	  is secure and you should try to be as consistent as possible
	  with the rest of the system.  You should probably also
	  discuss it on <prgn>debian-devel</prgn> first.
	</p>

	<p>
	  Files should be owned by <tt>root:root</tt>, and made
	  writable only by the owner and universally readable (and
	  executable, if appropriate), that is mode 644 or 755.
	</p>

	<p>
	  Directories should be mode 755 or (for group-writability)
	  mode 2775.  The ownership of the directory should be
	  consistent with its mode: if a directory is mode 2775, it
	  should be owned by the group that needs write access to
	  it.<footnote>
            <p>
              When a package is upgraded, and the owner or permissions
              of a file included in the package has changed, dpkg
              arranges for the ownership and permissions to be
              correctly set upon installation. However, this does not
              extend to directories; the permissions and ownership of
              directories already on the system does not change on
              install or upgrade of packages.  This makes sense, since
              otherwise common directories like <tt>/usr</tt> would
              always be in flux.  To correctly change permissions of a
              directory the package owns, explicit action is required,
              usually in the <tt>postinst</tt> script. Care must be
              taken to handle downgrades as well, in that case.
            </p>
          </footnote>
	</p>

	<p>
	  Control information files should be owned by <tt>root:root</tt>
	  and either mode 644 (for most files) or mode 755 (for
	  executables such as <qref id="maintscripts">maintainer
	  scripts</qref>).
	</p>

	<p>
	  Setuid and setgid executables should be mode 4755 or 2755
	  respectively, and owned by the appropriate user or group.
	  They should not be made unreadable (modes like 4711 or
	  2711 or even 4111); doing so achieves no extra security,
	  because anyone can find the binary in the freely available
	  Debian package; it is merely inconvenient.  For the same
	  reason you should not restrict read or execute permissions
	  on non-set-id executables.
	</p>

	<p>
	  Some setuid programs need to be restricted to particular
	  sets of users, using file permissions.  In this case they
	  should be owned by the uid to which they are set-id, and by
	  the group which should be allowed to execute them.  They
	  should have mode 4754; again there is no point in making
	  them unreadable to those users who must not be allowed to
	  execute them.
	</p>

	<p>
	  It is possible to arrange that the system administrator can
	  reconfigure the package to correspond to their local
	  security policy by changing the permissions on a binary:
	  they can do this by using <prgn>dpkg-statoverride</prgn>, as
	  described below.<footnote>
	    Ordinary files installed by <prgn>dpkg</prgn> (as
	    opposed to <tt>conffile</tt>s and other similar objects)
	    normally have their permissions reset to the distributed
	    permissions when the package is reinstalled.  However,
	    the use of <prgn>dpkg-statoverride</prgn> overrides this
	    default behavior.
	  </footnote>
	  Another method you should consider is to create a group for
	  people allowed to use the program(s) and make any setuid
	  executables executable only by that group.
	</p>

	<p>
	  If you need to create a new user or group for your package
	  there are two possibilities.  Firstly, you may need to
	  make some files in the binary package be owned by this
	  user or group, or you may need to compile the user or
	  group id (rather than just the name) into the binary
	  (though this latter should be avoided if possible, as in
	  this case you need a statically allocated id).</p>

	<p>
	  If you need a statically allocated id, you must ask for a
	  user or group id from the <tt>base-passwd</tt> maintainer,
	  and must not release the package until you have been
	  allocated one.  Once you have been allocated one you must
	  either make the package depend on a version of the
	  <tt>base-passwd</tt> package with the id present in
	  <file>/etc/passwd</file> or <file>/etc/group</file>, or arrange for
	  your package to create the user or group itself with the
	  correct id (using <tt>adduser</tt>) in its
	  <prgn>preinst</prgn> or <prgn>postinst</prgn>.  (Doing it in
	  the <prgn>postinst</prgn> is to be preferred if it is
	  possible, otherwise a pre-dependency will be needed on the
	  <tt>adduser</tt> package.)
	</p>

	<p>
	  On the other hand, the program might be able to determine
	  the uid or gid from the user or group name at runtime, so
	  that a dynamically allocated id can be used.  In this case
	  you should choose an appropriate user or group name,
	  discussing this on <prgn>debian-devel</prgn> and checking
	  with the <package/base-passwd/ maintainer that it is unique and that
	  they do not wish you to use a statically allocated id
	  instead.  When this has been checked you must arrange for
	  your package to create the user or group if necessary using
	  <prgn>adduser</prgn> in the <prgn>preinst</prgn> or
	  <prgn>postinst</prgn> script (again, the latter is to be
	  preferred if it is possible).
	</p>

	<p>
	  Note that changing the numeric value of an id associated
	  with a name is very difficult, and involves searching the
	  file system for all appropriate files.  You need to think
	  carefully whether a static or dynamic id is required, since
	  changing your mind later will cause problems.
	</p>

	<sect1><heading>The use of <prgn>dpkg-statoverride</prgn></heading>
	  <p>
	    This section is not intended as policy, but as a
	    description of the use of <prgn>dpkg-statoverride</prgn>.
	  </p>

	  <p>
	    If a system administrator wishes to have a file (or
	    directory or other such thing) installed with owner and
	    permissions different from those in the distributed Debian
	    package, they can use the <prgn>dpkg-statoverride</prgn>
	    program to instruct <prgn>dpkg</prgn> to use the different
	    settings every time the file is installed.  Thus the
	    package maintainer should distribute the files with their
	    normal permissions, and leave it for the system
	    administrator to make any desired changes.  For example, a
	    daemon which is normally required to be setuid root, but
	    in certain situations could be used without being setuid,
	    should be installed setuid in the <tt>.deb</tt>.  Then the
	    local system administrator can change this if they wish.
	    If there are two standard ways of doing it, the package
	    maintainer can use <tt>debconf</tt> to find out the
	    preference, and call <prgn>dpkg-statoverride</prgn> in the
	    maintainer script if necessary to accommodate the system
	    administrator's choice. Care must be taken during
	    upgrades to not override an existing setting.
	  </p>

	  <p>
	    Given the above, <prgn>dpkg-statoverride</prgn> is
	    essentially a tool for system administrators and would not
	    normally be needed in the maintainer scripts.  There is
	    one type of situation, though, where calls to
	    <prgn>dpkg-statoverride</prgn> would be needed in the
	    maintainer scripts, and that involves packages which use
	    dynamically allocated user or group ids.  In such a
	    situation, something like the following idiom can be very
	    helpful in the package's <prgn>postinst</prgn>, where
	    <tt>sysuser</tt> is a dynamically allocated id:
	    <example>
for i in /usr/bin/foo /usr/sbin/bar
do
  # only do something when no setting exists
  if ! dpkg-statoverride --list $i >/dev/null 2>&1
  then
    #include: debconf processing, question about foo and bar
    if [ "$RET" = "true" ] ; then
      dpkg-statoverride --update --add sysuser root 4755 $i
    fi
  fi
done
	    </example>
	    The corresponding code to remove the override when the package
	    is purged would be:
	    <example>
for i in /usr/bin/foo /usr/sbin/bar
do
  if dpkg-statoverride --list $i >/dev/null 2>&1
  then
    dpkg-statoverride --remove $i
  fi
done
	    </example>
	  </p>
	</sect1>
      </sect>

      <sect id="filenames">
	<heading>File names</heading>

        <p>
	  The name of the files installed by binary packages in the system PATH
	  (namely <tt>/bin</tt>, <tt>/sbin</tt>, <tt>/usr/bin</tt>,
	  <tt>/usr/sbin</tt> and <tt>/usr/games</tt>) must be encoded in
	  ASCII.
	</p>

	<p>
	  The name of the files and directories installed by binary packages
	  outside the system PATH must be encoded in UTF-8 and should be
	  restricted to ASCII when it is possible to do so.
	</p>
      </sect>
    </chapt>


    <chapt id="customized-programs">
      <heading>Customized programs</heading>

      <sect id="arch-spec">
	<heading>Architecture specification strings</heading>

	<p>
	  If a program needs to specify an <em>architecture specification
	  string</em> in some place, it should select one of the strings
	  provided by <tt>dpkg-architecture -L</tt>. The strings are in
	  the format <tt><var>os</var>-<var>arch</var></tt>, though the OS
	  part is sometimes elided, as when the OS is Linux.
	</p>

	<p>
	  Note that we don't want to use
	  <tt><var>arch</var>-debian-linux</tt> to apply to the rule
	  <tt><var>architecture</var>-<var>vendor</var>-<var>os</var></tt>
	  since this would make our programs incompatible with other
	  Linux distributions.  We also don't use something like
	  <tt><var>arch</var>-unknown-linux</tt>, since the
	  <tt>unknown</tt> does not look very good.
	</p>

	<sect1 id="arch-wildcard-spec">
          <heading>Architecture wildcards</heading>

          <p>
	    A package may specify an architecture wildcard. Architecture
	    wildcards are in the format <tt>any</tt> (which matches every
	    architecture), <tt><var>os</var></tt>-any, or
	    any-<tt><var>cpu</var></tt>. <footnote>
	      Internally, the package system normalizes the GNU triplets
	      and the Debian arches into Debian arch triplets (which are
	      kind of inverted GNU triplets), with the first component of
	      the triplet representing the libc and ABI in use, and then
	      does matching against those triplets.  However, such
	      triplets are an internal implementation detail that should
	      not be used by packages directly.  The libc and ABI portion
	      is handled internally by the package system based on
	      the <var>os</var> and <var>cpu</var>.
            </footnote>
          </p>
	</sect1>
      </sect>

      <sect>
	<heading>Daemons</heading>

	<p>
	  The configuration files <file>/etc/services</file>,
	  <file>/etc/protocols</file>, and <file>/etc/rpc</file> are managed
	  by the <prgn>netbase</prgn> package and must not be modified
	  by other packages.
	</p>

	<p>
	  If a package requires a new entry in one of these files, the
	  maintainer should get in contact with the
	  <prgn>netbase</prgn> maintainer, who will add the entries
	  and release a new version of the <prgn>netbase</prgn>
	  package.
	</p>

	<p>
	  The configuration file <file>/etc/inetd.conf</file> must not be
	  modified by the package's scripts except via the
	  <prgn>update-inetd</prgn> script or the
	  <file>DebianNet.pm</file> Perl module.  See their documentation
	  for details on how to add entries.
	</p>

	<p>
	  If a package wants to install an example entry into
	  <file>/etc/inetd.conf</file>, the entry must be preceded with
	  exactly one hash character (<tt>#</tt>). Such lines are
	  treated as "commented out by user" by the
	  <prgn>update-inetd</prgn> script and are not changed or
	  activated during package updates.
	</p>
      </sect>

      <sect>
        <heading>Using pseudo-ttys and modifying wtmp, utmp and
        lastlog</heading>

	<p>
	  Some programs need to create pseudo-ttys. This should be done
	  using Unix98 ptys if the C library supports it. The resulting
	  program must not be installed setuid root, unless that
	  is required for other functionality.
	</p>

	<p>
	  The files <file>/var/run/utmp</file>, <file>/var/log/wtmp</file> and
	  <file>/var/log/lastlog</file> must be installed writable by
	  group <tt>utmp</tt>.  Programs which need to modify those
	  files must be installed setgid <tt>utmp</tt>.
	</p>
      </sect>

      <sect>
	<heading>Editors and pagers</heading>

	<p>
	  Some programs have the ability to launch an editor or pager
	  program to edit or display a text document.  Since there are
	  lots of different editors and pagers available in the Debian
	  distribution, the system administrator and each user should
	  have the possibility to choose their preferred editor and
	  pager.
	</p>

	<p>
	  In addition, every program should choose a good default
	  editor/pager if none is selected by the user or system
	  administrator.
	</p>

	<p>
	  Thus, every program that launches an editor or pager must
	  use the EDITOR or PAGER environment variable to determine
	  the editor or pager the user wishes to use.  If these
	  variables are not set, the programs <file>/usr/bin/editor</file>
	  and <file>/usr/bin/pager</file> should be used, respectively.
	</p>

	<p>
	  These two files are managed through the <prgn>dpkg</prgn>
	  "alternatives" mechanism.  Every package providing an editor or
	  pager must call the <prgn>update-alternatives</prgn> script to
	  register as an alternative for <file>/usr/bin/editor</file>
	  or <file>/usr/bin/pager</file> as appropriate.  The alternative
	  should have a slave alternative
	  for <file>/usr/share/man/man1/editor.1.gz</file>
	  or <file>/usr/share/man/man1/pager.1.gz</file> pointing to the
	  corresponding manual page.
	</p>

	<p>
	  If it is very hard to adapt a program to make use of the
	  EDITOR or PAGER variables, that program may be configured to
	  use <file>/usr/bin/sensible-editor</file> and
	  <file>/usr/bin/sensible-pager</file> as the editor or pager
	  program respectively.  These are two scripts provided in the
	  <package>sensible-utils</package> package that check the EDITOR
	  and PAGER variables and launch the appropriate program, and fall
	  back to <file>/usr/bin/editor</file>
	  and <file>/usr/bin/pager</file> if the variable is not set.
	</p>

	<p>
	  A program may also use the VISUAL environment variable to
	  determine the user's choice of editor.  If it exists, it
	  should take precedence over EDITOR.  This is in fact what
	  <file>/usr/bin/sensible-editor</file> does.
	</p>

	<p>
	  It is not required for a package to depend on
	  <tt>editor</tt> and <tt>pager</tt>, nor is it required for a
	  package to provide such virtual packages.<footnote>
	      The Debian base system already provides an editor and a
	      pager program.
	  </footnote>
	</p>
      </sect>

      <sect id="web-appl">
	<heading>Web servers and applications</heading>

	<p>
	  This section describes the locations and URLs that should
	  be used by all web servers and web applications in the
	  Debian system.
	</p>

	<p>
	  <enumlist>
	    <item>
		Cgi-bin executable files are installed in the
		directory
		<example compact="compact">
/usr/lib/cgi-bin
		</example>
		or a subdirectory of that directory, and the script
		<example compact="compact">
/usr/lib/cgi-bin/.../<var>cgi-bin-name</var>
		</example>
		should be referred to as
		<example compact="compact">
http://localhost/cgi-bin/.../<var>cgi-bin-name</var>
		</example>
	    </item>

	    <item>
	      <p>(Deleted)</p>
	    </item>

            <item>
              <p>Access to images</p>
              <p>
                It is recommended that images for a package be stored
                in <tt>/usr/share/images/<var>package</var></tt> and
                may be referred to through an alias <tt>/images/</tt>
                as
                <example>
                  http://localhost/images/&lt;package&gt;/&lt;filename&gt;     
                </example>
                
              </p>
            </item>

	    <item>
	      <p>Web Document Root</p>

	      <p>
		Web Applications should try to avoid storing files in
		the Web Document Root.  Instead they should use the
		/usr/share/doc/<var>package</var> directory for
		documents and register the Web Application via the
		<package>doc-base</package> package.  If access to the
		web document root is unavoidable then use
		<example compact="compact">
/var/www/html
		</example>
		as the Document Root.  This might be just a symbolic
		link to the location where the system administrator
		has put the real document root.
	      </p>
	    </item>
	    <item><p>Providing httpd and/or httpd-cgi</p>
	      <p>
		All web servers should provide the virtual package
		<tt>httpd</tt>. If a web server has CGI support it should
		provide <tt>httpd-cgi</tt> additionally.
	      </p>
	      <p>
		All web applications which do not contain CGI scripts should
		depend on <tt>httpd</tt>, all those web applications which
		<tt>do</tt> contain CGI scripts, should depend on
		<tt>httpd-cgi</tt>.
	      </p>
	    </item>
	  </enumlist>
	</p>
      </sect>

      <sect id="mail-transport-agents">
	<heading>Mail transport, delivery and user agents</heading>

	<p>
	  Debian packages which process electronic mail, whether mail
	  user agents (MUAs) or mail transport agents (MTAs), must
	  ensure that they are compatible with the configuration
	  decisions below.  Failure to do this may result in lost
	  mail, broken <tt>From:</tt> lines, and other serious brain
	  damage!
	</p>

	<p>
	  The mail spool is <file>/var/mail</file> and the interface to
	  send a mail message is <file>/usr/sbin/sendmail</file> (as per
	  the FHS).  On older systems, the mail spool may be
	  physically located in <file>/var/spool/mail</file>, but all
	  access to the mail spool should be via the
	  <file>/var/mail</file> symlink.  The mail spool is part of the
	  base system and not part of the MTA package.
	</p>

	<p>
	  All Debian MUAs, MTAs, MDAs and other mailbox accessing
	  programs (such as IMAP daemons) must lock the mailbox in an
	  NFS-safe way. This means that <tt>fcntl()</tt> locking must
	  be combined with dot locking.  To avoid deadlocks, a program
	  should use <tt>fcntl()</tt> first and dot locking after
	  this, or alternatively implement the two locking methods in
	  a non blocking way<footnote>
	      If it is not possible to establish both locks, the
	      system shouldn't wait for the second lock to be
	      established, but remove the first lock, wait a (random)
	      time, and start over locking again.
	  </footnote>. Using the functions <tt>maillock</tt> and
	  <tt>mailunlock</tt> provided by the
	  <tt>liblockfile*</tt><footnote>
	      You will need to depend on <tt>liblockfile1 (&gt;&gt;1.01)</tt>
	      to use these functions.
	  </footnote> packages is the recommended way to realize this.
	</p>

	<p>
	  Mailboxes are generally either mode 600 and owned by
	  <var>user</var> or mode 660 and owned by
	  <tt><var>user</var>:mail</tt><footnote>
	    There are two traditional permission schemes for mail spools:
	    mode 600 with all mail delivery done by processes running as
	    the destination user, or mode 660 and owned by group mail with
	    mail delivery done by a process running as a system user in
	    group mail.  Historically, Debian required mode 660 mail
	    spools to enable the latter model, but that model has become
	    increasingly uncommon and the principle of least privilege
	    indicates that mail systems that use the first model should
	    use permissions of 600.  If delivery to programs is permitted,
	    it's easier to keep the mail system secure if the delivery
	    agent runs as the destination user.  Debian Policy therefore
	    permits either scheme.
	  </footnote>. The local system administrator may choose a
	  different permission scheme; packages should not make
	  assumptions about the permission and ownership of mailboxes
	  unless required (such as when creating a new mailbox).  A MUA
	  may remove a mailbox (unless it has nonstandard permissions) in
	  which case the MTA or another MUA must recreate it if needed.
	</p>

	<p>
	  The mail spool is 2775 <tt>root:mail</tt>, and MUAs should
	  be setgid mail to do the locking mentioned above (and
	  must obviously avoid accessing other users' mailboxes
	  using this privilege).</p>

	<p>
	  <file>/etc/aliases</file> is the source file for the system mail
	  aliases (e.g., postmaster, usenet, etc.), it is the one
	  which the sysadmin and <prgn>postinst</prgn> scripts may
	  edit.  After <file>/etc/aliases</file> is edited the program or
	  human editing it must call <prgn>newaliases</prgn>.  All MTA
	  packages must come with a <prgn>newaliases</prgn> program,
	  even if it does nothing, but older MTA packages did not do
	  this so programs should not fail if <prgn>newaliases</prgn>
	  cannot be found.  Note that because of this, all MTA
	  packages must have <tt>Provides</tt>, <tt>Conflicts</tt> and
	  <tt>Replaces: mail-transport-agent</tt> control fields.
	</p>

	<p>
	  The convention of writing <tt>forward to
	    <var>address</var></tt> in the mailbox itself is not
	  supported.  Use a <tt>.forward</tt> file instead.</p>

	<p>
	  The <prgn>rmail</prgn> program used by UUCP
	  for incoming mail should be  <file>/usr/sbin/rmail</file>.
	  Likewise, <prgn>rsmtp</prgn>, for receiving
	  batch-SMTP-over-UUCP, should be <file>/usr/sbin/rsmtp</file> if it
	  is supported.</p>

	<p>
	  If your package needs to know what hostname to use on (for
	  example) outgoing news and mail messages which are generated
	  locally, you should use the file <file>/etc/mailname</file>.  It
	  will contain the portion after the username and <tt>@</tt>
	  (at) sign for email addresses of users on the machine
	  (followed by a newline).
	</p>

	<p>
	  Such a package should check for the existence of this file
	  when it is being configured.  If it exists, it should be
	  used without comment, although an MTA's configuration script
	  may wish to prompt the user even if it finds that this file
	  exists.  If the file does not exist, the package should
	  prompt the user for the value (preferably using
	  <prgn>debconf</prgn>) and store it in <file>/etc/mailname</file>
	  as well as using it in the package's configuration.  The
	  prompt should make it clear that the name will not just be
	  used by that package.  For example, in this situation the
	  <tt>inn</tt> package could say something like:
	  <example compact="compact">
Please enter the "mail name" of your system.  This is the
hostname portion of the address to be shown on outgoing
news and mail messages.  The default is
<var>syshostname</var>, your system's host name.  Mail
name ["<var>syshostname</var>"]:
	  </example>
	  where <var>syshostname</var> is the output of <tt>hostname
	    --fqdn</tt>.
	</p>
      </sect>

      <sect>
	<heading>News system configuration</heading>

	<p>
	  All the configuration files related to the NNTP (news)
	  servers and clients should be located under
	  <file>/etc/news</file>.</p>

	<p>
	  There are some configuration issues that apply to a number
	  of news clients and server packages on the machine. These
	  are:

	  <taglist>
	    <tag><file>/etc/news/organization</file></tag>
	    <item>
		A string which should appear as the
		organization header for all messages posted
		by NNTP clients on the machine
	    </item>

	    <tag><file>/etc/news/server</file></tag>
	    <item>
		Contains the FQDN of the upstream NNTP
		server, or localhost if the local machine is
		an NNTP server.
	    </item>
	  </taglist>

	  Other global files may be added as required for cross-package news
	  configuration.
	</p>
      </sect>


      <sect>
	<heading>Programs for the X Window System</heading>

	<sect1>
	  <heading>Providing X support and package priorities</heading>

	  <p>
	    Programs that can be configured with support for the X
	    Window System must be configured to do so and must declare
	    any package dependencies necessary to satisfy their
	    runtime requirements when using the X Window System.  If
	    such a package is of higher priority than the X packages
	    on which it depends, it is required that either the
	    X-specific components be split into a separate package, or
	    that an alternative version of the package, which includes
	    X support, be provided, or that the package's priority be
	    lowered.
	  </p>
	</sect1>

	<sect1>
	  <heading>Packages providing an X server</heading>

	  <p>
	    Packages that provide an X server that, directly or
	    indirectly, communicates with real input and display
	    hardware should declare in their <tt>Provides</tt> control
	    field that they provide the virtual
	    package <tt>xserver</tt>.<footnote>
		This implements current practice, and provides an
		actual policy for usage of the <tt>xserver</tt>
		virtual package which appears in the virtual packages
		list.  In a nutshell, X servers that interface
		directly with the display and input hardware or via
		another subsystem (e.g., GGI) should provide
		<tt>xserver</tt>.  Things like <tt>Xvfb</tt>,
		<tt>Xnest</tt>, and <tt>Xprt</tt> should not.
	    </footnote>
	  </p>
	</sect1>

	<sect1>
	  <heading>Packages providing a terminal emulator</heading>

	  <p>
	    Packages that provide a terminal emulator for the X Window
	    System which meet the criteria listed below should declare in
	    their <tt>Provides</tt> control field that they provide the
	    virtual package <tt>x-terminal-emulator</tt>.  They should
	    also register themselves as an alternative for
	    <file>/usr/bin/x-terminal-emulator</file>, with a priority of
	    20.  That alternative should have a slave alternative
	    for <file>/usr/share/man/man1/x-terminal-emulator.1.gz</file>
	    pointing to the corresponding manual page.
	  </p>

	  <p>
	    To be an <tt>x-terminal-emulator</tt>, a program must:
	    <list compact="compact">
	      <item>
		  Be able to emulate a DEC VT100 terminal, or a
		  compatible terminal.
	      </item>

	      <item>
		  Support the command-line option <tt>-e
		    <var>command</var></tt>, which creates a new
		  terminal window<footnote>
		      "New terminal window" does not necessarily mean
		      a new top-level X window directly parented by
		      the window manager; it could, if the terminal
		      emulator application were so coded, be a new
		      "view" in a multiple-document interface (MDI).
		  </footnote>
		  and runs the specified <var>command</var>,
		  interpreting the entirety of the rest of the command
		  line as a command to pass straight to exec, in the
		  manner that <tt>xterm</tt> does.
	      </item>

	      <item>
		  Support the command-line option <tt>-T
		    <var>title</var></tt>, which creates a new terminal
		  window with the window title <var>title</var>.
	      </item>
	    </list>
	  </p>
	</sect1>

	<sect1>
	  <heading>Packages providing a window manager</heading>

	  <p>
	    Packages that provide a window manager should declare in
	    their <tt>Provides</tt> control field that they provide the
	    virtual package <tt>x-window-manager</tt>.  They should also
	    register themselves as an alternative for
	    <file>/usr/bin/x-window-manager</file>, with a priority
	    calculated as follows:
	    <list compact="compact">
	      <item>
		  Start with a priority of 20.
	      </item>

	      <item>
		  If the window manager supports the Debian menu
		  system, add 20 points if this support is available
		  in the package's default configuration (i.e., no
		  configuration files belonging to the system or user
		  have to be edited to activate the feature); if
		  configuration files must be modified, add only 10
		  points.
		</p>
	      </item>

              <item>
                  If the window manager complies with <url
		    id="http://www.freedesktop.org/wiki/Specifications/wm-spec"
		    name="The Window Manager Specification Project">,
                  written by the <url id="http://www.freedesktop.org/wiki/"
		    name="Free Desktop Group">, add 40 points.
              </item>

	      <item>
		  If the window manager permits the X session to be
		  restarted using a <em>different</em> window manager
		  (without killing the X server) in its default
		  configuration, add 10 points; otherwise add none.
	      </item>
	    </list>
	    That alternative should have a slave alternative
	    for <file>/usr/share/man/man1/x-window-manager.1.gz</file>
	    pointing to the corresponding manual page.
	  </p>
	</sect1>

	<sect1>
	  <heading>Packages providing fonts</heading>

	  <p>
	    Packages that provide fonts for the X Window
	    System<footnote>
		For the purposes of Debian Policy, a "font for the X
		Window System" is one which is accessed via X protocol
		requests.  Fonts for the Linux console, for PostScript
		renderer, or any other purpose, do not fit this
		definition.  Any tool which makes such fonts available
		to the X Window System, however, must abide by this
		font policy.
	    </footnote>
	    must do a number of things to ensure that they are both
	    available without modification of the X or font server
	    configuration, and that they do not corrupt files used by
	    other font packages to register information about
	    themselves.
	    <enumlist>
	      <item>
		  Fonts of any type supported by the X Window System
		  must be in a separate binary package from any
		  executables, libraries, or documentation (except
		  that specific to the fonts shipped, such as their
		  license information).  If one or more of the fonts
		  so packaged are necessary for proper operation of
		  the package with which they are associated the font
		  package may be Recommended; if the fonts merely
		  provide an enhancement, a Suggests relationship may
		  be used.  Packages must not Depend on font
		  packages.<footnote>
		      This is because the X server may retrieve fonts
		      from the local file system or over the network
		      from an X font server; the Debian package system
		      is empowered to deal only with the local
		      file system.
		  </footnote>
	      </item>

	      <item>
		  BDF fonts must be converted to PCF fonts with the
		  <prgn>bdftopcf</prgn> utility (available in the
                  <tt>xfonts-utils</tt> package, <prgn>gzip</prgn>ped, and
		  placed in a directory that corresponds to their
		  resolution:
		  <list compact="compact">
		    <item>
			100 dpi fonts must be placed in
			<file>/usr/share/fonts/X11/100dpi/</file>.
		    </item>

		    <item>
			75 dpi fonts must be placed in
			<file>/usr/share/fonts/X11/75dpi/</file>.
		    </item>

		    <item>
			Character-cell fonts, cursor fonts, and other
			low-resolution fonts must be placed in
			<file>/usr/share/fonts/X11/misc/</file>.
		    </item>
		  </list>
	      </item>

	      <item>
		  Type 1 fonts must be placed in
		  <file>/usr/share/fonts/X11/Type1/</file>.  If font
		  metric files are available, they must be placed here
		  as well.
	      </item>

	      <item>
		  Subdirectories of <file>/usr/share/fonts/X11/</file>
		  other than those listed above must be neither
		  created nor used.  (The <file>PEX</file>, <file>CID</file>,
		  <file>Speedo</file>, and <file>cyrillic</file> directories
		  are excepted for historical reasons, but installation of
		  files into these directories remains discouraged.)
	      </item>

	      <item>
		  Font packages may, instead of placing files directly
		  in the X font directories listed above, provide
		  symbolic links in that font directory pointing to
		  the files' actual location in the filesystem.  Such
		  a location must comply with the FHS.
	      </item>

	      <item>
		  Font packages should not contain both 75dpi and
		  100dpi versions of a font.  If both are available,
		  they should be provided in separate binary packages
		  with <tt>-75dpi</tt> or <tt>-100dpi</tt> appended to
		  the names of the packages containing the
		  corresponding fonts.
	      </item>

	      <item>
		  Fonts destined for the <file>misc</file> subdirectory
		  should not be included in the same package as 75dpi
		  or 100dpi fonts; instead, they should be provided in
		  a separate package with <tt>-misc</tt> appended to
		  its name.
	      </item>

	      <item>
		  Font packages must not provide the files
		  <file>fonts.dir</file>, <file>fonts.alias</file>, or
		  <file>fonts.scale</file> in a font directory:
		  <list>
		    <item>
			<file>fonts.dir</file> files must not be provided at all.
		    </item>

		    <item>
			<file>fonts.alias</file> and <file>fonts.scale</file>
			files, if needed, should be provided in the
			directory
			<file>/etc/X11/fonts/<var>fontdir</var>/<var>package</var>.<var>extension</var></file>,
			where <var>fontdir</var> is the name of the
			subdirectory of
			<file>/usr/share/fonts/X11/</file> where the
			package's corresponding fonts are stored
			(e.g., <tt>75dpi</tt> or <tt>misc</tt>),
			<var>package</var> is the name of the package
			that provides these fonts, and
			<var>extension</var> is either <tt>scale</tt>
			or <tt>alias</tt>, whichever corresponds to
			the file contents.
		    </item>
		  </list>
	      </item>

	      <item>
		  Font packages must declare a dependency on
		  <tt>xfonts-utils</tt> in their <tt>Depends</tt>
		  or <tt>Pre-Depends</tt> control field.
	      </item>

	      <item>
		  Font packages that provide one or more
		  <file>fonts.scale</file> files as described above must
		  invoke <prgn>update-fonts-scale</prgn> on each
		  directory into which they installed fonts
		  <em>before</em> invoking
		  <prgn>update-fonts-dir</prgn> on that directory.
		  This invocation must occur in both the
		  <prgn>postinst</prgn> (for all arguments) and
		  <prgn>postrm</prgn> (for all arguments except
		  <tt>upgrade</tt>) scripts.
	      </item>

	      <item>
		  Font packages that provide one or more
		  <file>fonts.alias</file> files as described above must
		  invoke <prgn>update-fonts-alias</prgn> on each
		  directory into which they installed fonts.  This
		  invocation must occur in both the
		  <prgn>postinst</prgn> (for all arguments) and
		  <prgn>postrm</prgn> (for all arguments except
		  <tt>upgrade</tt>) scripts.
	      </item>

	      <item>
		  Font packages must invoke
		  <prgn>update-fonts-dir</prgn> on each directory into
		  which they installed fonts.  This invocation must
		  occur in both the <prgn>postinst</prgn> (for all
		  arguments) and <prgn>postrm</prgn> (for all
		  arguments except <tt>upgrade</tt>) scripts.
	      </item>

	      <item>
		  Font packages must not provide alias names for the
		  fonts they include which collide with alias names
		  already in use by fonts already packaged.
	      </item>

	      <item>
		  Font packages must not provide fonts with the same
		  XLFD registry name as another font already packaged.
	      </item>
	    </enumlist>
	  </p>
	</sect1>

	<sect1 id="appdefaults">
	  <heading>Application defaults files</heading>

	  <p>
	    Application defaults files must be installed in the
	    directory <file>/etc/X11/app-defaults/</file> (use of a
	    localized subdirectory of <file>/etc/X11/</file> as described
	    in the <em>X Toolkit Intrinsics - C Language
	    Interface</em> manual is also permitted).  They must be
	    registered as <tt>conffile</tt>s or handled as
	    configuration files.
	  </p>

	  <p>
	    Customization of programs' X resources may also be
	    supported with the provision of a file with the same name
	    as that of the package placed in
	    the <file>/etc/X11/Xresources/</file> directory, which
	    must be registered as a <tt>conffile</tt> or handled as a
	    configuration file.<footnote>
		Note that this mechanism is not the same as using
		app-defaults; app-defaults are tied to the client
		binary on the local file system, whereas X resources
		are stored in the X server and affect all connecting
		clients.
	    </footnote>
	  </p>
	</sect1>

	<sect1>
	  <heading>Installation directory issues</heading>

	  <p>
	    Historically, packages using the X Window System used a
	    separate set of installation directories from other packages.
	    This practice has been discontinued and packages using the X
	    Window System should now generally be installed in the same
	    directories as any other package.  Specifically, packages must
	    not install files under the <file>/usr/X11R6/</file> directory
	    and the <file>/usr/X11R6/</file> directory hierarchy should be
	    regarded as obsolete.
	  </p>

	  <p>
	    Include files previously installed under
	    <file>/usr/X11R6/include/X11/</file> should be installed into
	    <file>/usr/include/X11/</file>.  For files previously
	    installed into subdirectories of
	    <file>/usr/X11R6/lib/X11/</file>, package maintainers should
	    determine if subdirectories of <file>/usr/lib/</file> and
	    <file>/usr/share/</file> can be used.  If not, a subdirectory
	    of <file>/usr/lib/X11/</file> should be used.
	  </p>

	  <p>
	    Configuration files for window, display, or session managers
	    or other applications that are tightly integrated with the X
	    Window System may be placed in a subdirectory
	    of <file>/etc/X11/</file> corresponding to the package name.
	    Other X Window System applications should use
	    the <file>/etc/</file> directory unless otherwise mandated by
	    policy (such as for <ref id="appdefaults">).
	  </p>
	</sect1>
      </sect>

      <sect id="perl">
	<heading>Perl programs and modules</heading>

	<p>
	  Perl programs and modules should follow the current Perl policy.
	</p>

	<p>
	  The Perl policy can be found in the <tt>perl-policy</tt>
	  files in the <tt>debian-policy</tt> package.
	  It is also available from the Debian web mirrors at
          <tt><url name="/doc/packaging-manuals/perl-policy/"
		id="http://www.debian.org/doc/packaging-manuals/perl-policy/"></tt>.
	</p>
      </sect>

      <sect id="emacs">
	<heading>Emacs lisp programs</heading>

	<p>
	  Please refer to the "Debian Emacs Policy" for details of how to
	  package emacs lisp programs.
	</p>

	<p>
	  The Emacs policy is available in
	  <file>debian-emacs-policy.gz</file> of the
	  <package>emacsen-common</package> package.
	  It is also available from the Debian web mirrors at
          <tt><url name="/doc/packaging-manuals/debian-emacs-policy"
		id="http://www.debian.org/doc/packaging-manuals/debian-emacs-policy"></tt>.
	</p>
      </sect>

      <sect>
	<heading>Games</heading>

	<p>
	  The permissions on <file>/var/games</file> are mode 755, owner
	  <tt>root</tt> and group <tt>root</tt>.
	</p>

	<p>
	  Each game decides on its own security policy.</p>

	<p>
	  Games which require protected, privileged access to
	  high-score files, saved games, etc., may be made
	  set-<em>group</em>-id (mode 2755) and owned by
	  <tt>root:games</tt>, and use files and directories with
	  appropriate permissions (770 <tt>root:games</tt>, for
	  example).  They must not be made
	  set-<em>user</em>-id, as this causes security problems. (If
	  an attacker can subvert any set-user-id game they can
	  overwrite the executable of any other, causing other players
	  of these games to run a Trojan horse program.  With a
	  set-group-id game the attacker only gets access to less
	  important game data, and if they can get at the other
	  players' accounts at all it will take considerably more
	  effort.)</p>

	<p>
	  Some packages, for example some fortune cookie programs, are
	  configured by the upstream authors to install with their
	  data files or other static information made unreadable so
	  that they can only be accessed through set-id programs
	  provided.  You should not do this in a Debian package: anyone can
	  download the <file>.deb</file> file and read the data from it,
	  so there is no point making the files unreadable.  Not
	  making the files unreadable also means that you don't have
	  to make so many programs set-id, which reduces the risk of a
	  security hole.</p>

	<p>
	  As described in the FHS, binaries of games should be
	  installed in the directory <file>/usr/games</file>. This also
	  applies to games that use the X Window System. Manual pages
	  for games (X and non-X games) should be installed in
	  <file>/usr/share/man/man6</file>.</p>
      </sect>
    </chapt>


    <chapt id="docs">
      <heading>Documentation</heading>

      <sect>
	<heading>Manual pages</heading>

	<p>
	  You should install manual pages in <prgn>nroff</prgn> source
	  form, in appropriate places under <file>/usr/share/man</file>.
	  You should only use sections 1 to 9 (see the FHS for more
	  details).  You must not install a pre-formatted "cat page".
	</p>

	<p>
	  Each program, utility, and function should have an
	  associated manual page included in the same package. It is
	  suggested that all configuration files also have a manual
	  page included as well. Manual pages for protocols and other
	  auxiliary things are optional.
	</p>

	<p>
          If no manual page is available, this is considered as a bug
          and should be reported to the Debian Bug Tracking System (the
          maintainer of the package is allowed to write this bug report
          themselves, if they so desire).  Do not close the bug report
          until a proper man page is available.<footnote>
	      It is not very hard to write a man page. See the
	      <url id="http://www.schweikhardt.net/man_page_howto.html"
		name="Man-Page-HOWTO">,
	      <manref name="man" section="7">, the examples created
	      by <prgn>dh_make</prgn>, the helper
	      program <prgn>help2man</prgn>, or the
	      directory <file>/usr/share/doc/man-db/examples</file>.
          </footnote>
	</p>

	<p>
	  You may forward a complaint about a missing man page to the
	  upstream authors, and mark the bug as forwarded in the
	  Debian bug tracking system.  Even though the GNU Project do
	  not in general consider the lack of a man page to be a bug,
	  we do; if they tell you that they don't consider it a bug
	  you should leave the bug in our bug tracking system open
	  anyway.
        </p>

	<p>
          Manual pages should be installed compressed using <tt>gzip -9</tt>.
        </p>

	<p>
	  If one man page needs to be accessible via several names it
	  is better to use a symbolic link than the <file>.so</file>
	  feature, but there is no need to fiddle with the relevant
	  parts of the upstream source to change from <file>.so</file> to
	  symlinks: don't do it unless it's easy.  You should not
	  create hard links in the manual page directories, nor put
	  absolute filenames in <file>.so</file> directives.  The filename
	  in a <file>.so</file> in a man page should be relative to the
	  base of the man page tree (usually
	  <file>/usr/share/man</file>). If you do not create any links
	  (whether symlinks, hard links, or <tt>.so</tt> directives)
	  in the file system to the alternate names of the man page,
	  then you should not rely on <prgn>man</prgn> finding your
	  man page under those names based solely on the information in
	  the man page's header.<footnote>
	      Supporting this in <prgn>man</prgn> often requires
	      unreasonable processing time to find a manual page or to
	      report that none exists, and moves knowledge into man's
	      database that would be better left in the file system.
	      This support is therefore deprecated and will cease to
	      be present in the future.
 	  </footnote>
 	</p>

	<p>
	  Manual pages in locale-specific subdirectories of
	  <file>/usr/share/man</file> should use either UTF-8 or the usual
	  legacy encoding for that language (normally the one corresponding
	  to the shortest relevant locale name in
	  <file>/usr/share/i18n/SUPPORTED</file>). For example, pages under
	  <file>/usr/share/man/fr</file> should use either UTF-8 or
	  ISO-8859-1.<footnote>
	    <prgn>man</prgn> will automatically detect whether UTF-8 is in
	    use. In future, all manual pages will be required to use
	    UTF-8.
	  </footnote>
	</p>

	<p>
	  A country name (the <tt>DE</tt> in <tt>de_DE</tt>) should not be
	  included in the subdirectory name unless it indicates a
	  significant difference in the language, as this excludes
	  speakers of the language in other countries.<footnote>
	    At the time of writing, Chinese and Portuguese are the main
	    languages with such differences, so <file>pt_BR</file>,
	    <file>zh_CN</file>, and <file>zh_TW</file> are all allowed.
	  </footnote>
	</p>

	<p>
	  If a localized version of a manual page is provided, it should
	  either be up-to-date or it should be obvious to the reader that
	  it is outdated and the original manual page should be used
	  instead.  This can be done either by a note at the beginning of
	  the manual page or by showing the missing or changed portions in
	  the original language instead of the target language.
	</p>
      </sect>

      <sect>
	<heading>Info documents</heading>

	<p>
	  Info documents should be installed in <file>/usr/share/info</file>.
	  They should be compressed with <tt>gzip -9</tt>.
        </p>

	<p>
	  The <prgn>install-info</prgn> program maintains a directory of
	  installed info documents in <file>/usr/share/info/dir</file> for the
	  use of info readers.  This file must not be included in packages
	  other than <package>install-info</package>.
	</p>

	<p>
	  <prgn>install-info</prgn> is automatically invoked when
	  appropriate using dpkg triggers.  Packages other than
	  <package>install-info</package> <em>should not</em> invoke
	  <prgn>install-info</prgn> directly and <em>should not</em>
	  depend on, recommend, or suggest <package>install-info</package>
	  for this purpose.
	</p>

	<p>
	  Info readers requiring the <file>/usr/share/info/dir</file> file
	  should depend on <package>install-info</package>.
	</p>

	<p>
	  Info documents should contain section and directory entry
	  information in the document for the use
	  of <prgn>install-info</prgn>.  The section should be specified
	  via a line starting with <tt>INFO-DIR-SECTION</tt> followed by a
	  space and the section of this info page.  The directory entry or
	  entries should be included between
	  a <tt>START-INFO-DIR-ENTRY</tt> line and
	  an <tt>END-INFO-DIR-ENTRY</tt> line.  For example:
	  <example>
INFO-DIR-SECTION Individual utilities
START-INFO-DIR-ENTRY
* example: (example).               An example info directory entry.
END-INFO-DIR-ENTRY
	  </example>
	  To determine which section to use, you should look
	  at <file>/usr/share/info/dir</file> on your system and choose
	  the most relevant (or create a new section if none of the
	  current sections are relevant).<footnote>
	    Normally, info documents are generated from Texinfo source.
	    To include this information in the generated info document, if
	    it is absent, add commands like:
	    <example>
@dircategory Individual utilities
@direntry
* example: (example).               An example info directory entry.
@end direntry
	    </example>
	    to the Texinfo source of the document and ensure that the info
	    documents are rebuilt from source during the package build.
	  </footnote>
	</p>
      </sect>

      <sect id="docs-additional">
	<heading>Additional documentation</heading>

	<p>
	  Any additional documentation that comes with the package may be
	  installed at the discretion of the package maintainer.  It is
	  often a good idea to include text information files
	  (<file>README</file>s, FAQs, and so forth) that come with the
	  source package in the binary package.  However, you don't need
	  to install the instructions for building and installing the
	  package, of course!
	</p>

	<p>
	  Plain text documentation should be compressed with <tt>gzip
	  -9</tt> unless it is small.
	</p>

	<p>
	  If a package comes with large amounts of documentation that many
	  users of the package will not require, you should create a
	  separate binary package to contain it so that it does not take
	  up disk space on the machines of users who do not need or want
	  it installed.  As a special case of this rule, shared library
	  documentation of any appreciable size should always be packaged
	  with the library development package (<ref id="sharedlibs-dev">)
	  or in a separate documentation package, since shared libraries
	  are frequently installed as dependencies of other packages by
	  users who have little interest in documentation of the library
	  itself.  The documentation package for the
	  package <var>package</var> is conventionally
	  named <var>package</var>-doc
	  (or <var>package</var>-doc-<var>language-code</var> if there are
	  separate documentation packages for multiple languages).
	</p>

	<p>
	  Additional documentation included in the package should be
	  installed under <file>/usr/share/doc/<var>package</var></file>.
	  If the documentation is packaged separately,
	  as <var>package</var>-doc for example, it may be installed under
	  either that path or into the documentation directory for the
	  separate documentation package
	  (<file>/usr/share/doc/<var>package</var>-doc</file> in this
	  example).  However, installing the documentation into the
	  documentation directory of the main package is preferred since
	  it is independent of the packaging method and will be easier for
	  users to find.
	</p>

	<p>
	  Any separate package providing documentation must still install
	  standard documentation files in its
	  own <file>/usr/share/doc</file> directory as specified in the
	  rest of this policy.  See, for example, <ref id="copyrightfile">
	  and <ref id="changelogs">.
	</p>

	<p>
	  Packages must not require the existence of any files in
	  <file>/usr/share/doc/</file> in order to function
	  <footnote>
	    The system administrator should be able to delete files
	    in <file>/usr/share/doc/</file> without causing any programs
	    to break.
	  </footnote>.  Any files that are used or read by programs but
	  are also useful as stand alone documentation should be installed
	  elsewhere, such as
	  under <file>/usr/share/<var>package</var>/</file>, and then
	  included via symbolic links
	  in <file>/usr/share/doc/<var>package</var></file>.
	</p>

	<p>
	  <file>/usr/share/doc/<var>package</var></file> may be a symbolic
	  link to another directory in <file>/usr/share/doc</file> only if
	  the two packages both come from the same source and the
	  first package Depends on the second.<footnote>
            <p>
              Please note that this does not override the section on
              changelog files below, so the file 
              <file>/usr/share/doc/<var>package</var>/changelog.Debian.gz</file>
              must refer to the changelog for the current version of
              <var>package</var> in question. In practice, this means
              that the sources of the target and the destination of the
              symlink must be the same (same source package and
              version). 
            </p>
          </footnote>
	</p>
      </sect>

      <sect>
	<heading>Preferred documentation formats</heading>

	<p>
	  The unification of Debian documentation is being carried out
	  via HTML.</p>

	<p>
	  If the package comes with extensive documentation in a
	  markup format that can be converted to various other formats
	  you should if possible ship HTML versions in a binary
	  package.<footnote>
	      Rationale: The important thing here is that HTML
	      documentation should be available from <em>some</em>
	      binary package.
	  </footnote>
	  The documentation must be installed as specified in
	  <ref id="docs-additional">.
	</p>

	<p>
	  Other formats such as PostScript may be provided at the
	  package maintainer's discretion.
	</p>
      </sect>

      <sect id="copyrightfile">
	<heading>Copyright information</heading>

	<p>
	  Every package must be accompanied by a verbatim copy of its
	  copyright information and distribution license in the file
	  <file>/usr/share/doc/<var>package</var>/copyright</file>. This
	  file must neither be compressed nor be a symbolic link.
	</p>

	<p>
	  In addition, the copyright file must say where the upstream
	  sources (if any) were obtained, and should name the original
	  authors.
	</p>

	<p>
	  Packages in the <em>contrib</em> or <em>non-free</em> archive
	  areas should state in the copyright file that the package is not
	  part of the Debian distribution and briefly explain why.
	</p>

	<p>
	  A copy of the file which will be installed in
	  <file>/usr/share/doc/<var>package</var>/copyright</file> should
	  be in <file>debian/copyright</file> in the source package.
	</p>

	<p>
	  <file>/usr/share/doc/<var>package</var></file> may be a symbolic
	  link to another directory in <file>/usr/share/doc</file> only if
	  the two packages both come from the same source and the
	  first package Depends on the second.  These rules are important
	  because <file>copyright</file> files must be extractable by
	  mechanical means.
	</p>

	<p>
	  Packages distributed under the Apache license (version 2.0), the
	  Artistic license, the GNU GPL (versions 1, 2, or 3), the GNU
	  LGPL (versions 2, 2.1, or 3), and the GNU FDL (versions 1.2 or
	  1.3) should refer to the corresponding files
	  under <file>/usr/share/common-licenses</file>,<footnote>
	    <p>
	      In particular,
              <file>/usr/share/common-licenses/Apache-2.0</file>,
              <file>/usr/share/common-licenses/Artistic</file>,
              <file>/usr/share/common-licenses/GPL-1</file>,
              <file>/usr/share/common-licenses/GPL-2</file>,
              <file>/usr/share/common-licenses/GPL-3</file>,
              <file>/usr/share/common-licenses/LGPL-2</file>,
              <file>/usr/share/common-licenses/LGPL-2.1</file>,
              <file>/usr/share/common-licenses/LGPL-3</file>,
              <file>/usr/share/common-licenses/GFDL-1.2</file>, and
              <file>/usr/share/common-licenses/GFDL-1.3</file>
	      respectively.  The University of California BSD license is
	      also included in <package>base-files</package> as
	      <file>/usr/share/common-licenses/BSD</file>, but given the
	      brevity of this license, its specificity to code whose
	      copyright is held by the Regents of the University of
	      California, and the frequency of minor wording changes, its
	      text should be included in the copyright file rather than
	      referencing this file.
            </p>
          </footnote> rather than quoting them in the copyright
	  file. 
	</p>

	<p>
	  You should not use the copyright file as a general <file>README</file>
	  file.  If your package has such a file it should be
	  installed in <file>/usr/share/doc/<var>package</var>/README</file> or
	  <file>README.Debian</file> or some other appropriate place.
	</p>

	<p>
	  All copyright files must be encoded in UTF-8.
	</p>

	<sect1 id="copyrightformat">
	  <heading>Machine-readable copyright information</heading>

	  <p>
	    A specification for a standard, machine-readable format
	    for <file>debian/copyright</file> files is maintained as part
	    of the <package>debian-policy</package> package.  This
	    document may be found in the <file>copyright-format</file>
	    files in the <package>debian-policy</package> package.  It is
	    also available from the Debian web mirrors at
	    <tt><url name="/doc/packaging-manuals/copyright-format/1.0/"
		     id="http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/"></tt>.
	  </p>

	  <p>
	    Use of this format is optional.
	  </p>
	</sect1>
      </sect>

      <sect>
	<heading>Examples</heading>

	<p>
	  Any examples (configurations, source files, whatever),
	  should be installed in a directory
	  <file>/usr/share/doc/<var>package</var>/examples</file>.  These
	  files should not be referenced by any program: they're there
	  for the benefit of the system administrator and users as
	  documentation only.  Architecture-specific example files
	  should be installed in a directory
	  <file>/usr/lib/<var>package</var>/examples</file> with symbolic
	  links to them from
	  <file>/usr/share/doc/<var>package</var>/examples</file>, or the
	  latter directory itself may be a symbolic link to the
	  former.
	</p>

	<p>
	  If the purpose of a package is to provide examples, then the
	  example files may be installed into
	  <file>/usr/share/doc/<var>package</var></file>.
	</p>
      </sect>

      <sect id="changelogs">
	<heading>Changelog files</heading>

	<p>
	  Packages that are not Debian-native must contain a
	  compressed copy of the <file>debian/changelog</file> file from
	  the Debian source tree in
	  <file>/usr/share/doc/<var>package</var></file> with the name
	  <file>changelog.Debian.gz</file>.
        </p>

        <p>
          If an upstream changelog is available, it should be accessible as
	  <file>/usr/share/doc/<var>package</var>/changelog.gz</file> in
	  plain text.  If the upstream changelog is distributed in
	  HTML, it should be made available in that form as
	  <file>/usr/share/doc/<var>package</var>/changelog.html.gz</file>
	  and a plain text <file>changelog.gz</file> should be generated
	  from it using, for example, <tt>lynx -dump -nolist</tt>.  If
	  the upstream changelog files do not already conform to this
	  naming convention, then this may be achieved either by
	  renaming the files, or by adding a symbolic link, at the
	  maintainer's discretion.<footnote>
	      Rationale: People should not have to look in places for
	      upstream changelogs merely because they are given
	      different names or are distributed in HTML format.
	  </footnote>
	</p>

	<p>
	  All of these files should be installed compressed using
	  <tt>gzip -9</tt>, as they will become large with time even
	  if they start out small.
	</p>

	<p>
	  If the package has only one changelog which is used both as
	  the Debian changelog and the upstream one because there is
	  no separate upstream maintainer then that changelog should
	  usually be installed as
	  <file>/usr/share/doc/<var>package</var>/changelog.gz</file>; if
	  there is a separate upstream maintainer, but no upstream
	  changelog, then the Debian changelog should still be called
	  <file>changelog.Debian.gz</file>.
	</p>

	<p>
	  For details about the format and contents of the Debian
	  changelog file, please see <ref id="dpkgchangelog">.
	</p>
      </sect>
    </chapt>

    <appendix id="pkg-scope">
      <heading>Introduction and scope of these appendices</heading>

      <p>
	These appendices are taken essentially verbatim from the
	now-deprecated Packaging Manual, version 3.2.1.0.  They are
	the chapters which are likely to be of use to package
	maintainers and which have not already been included in the
	policy document itself. Most of these sections are very likely
	not relevant to policy; they should be treated as
	documentation for the packaging system. Please note that these
	appendices are included for convenience, and for historical
	reasons: they used to be part of policy package, and they have
	not yet been incorporated into dpkg documentation. However,
	they still have value, and hence they are presented here.
      </p>

      <p>
	They have not yet been checked to ensure that they are
	compatible with the contents of policy, and if there are any
	contradictions, the version in the main policy document takes
	precedence.  The remaining chapters of the old Packaging
	Manual have also not been read in detail to ensure that there
	are not parts which have been left out.  Both of these will be
	done in due course.
      </p>

      <p>
	Certain parts of the Packaging manual were integrated into the
	Policy Manual proper, and removed from the appendices. Links
	have been placed from the old locations to the new ones.
      </p>

      <p>
	<prgn>dpkg</prgn> is a suite of programs for creating binary
	package files and installing and removing them on Unix
	systems.<footnote>
	    <prgn>dpkg</prgn> is targeted primarily at Debian, but may
	    work on or be ported to other systems.
	</footnote>
      </p>

      <p>
	The binary packages are designed for the management of
	installed executable programs (usually compiled binaries) and
	their associated data, though source code examples and
	documentation are provided as part of some packages.</p>

      <p>
	This manual describes the technical aspects of creating Debian
	binary packages (<file>.deb</file> files).  It documents the
	behavior of the package management programs
	<prgn>dpkg</prgn>, <prgn>dselect</prgn> et al. and the way
	they interact with packages.</p>

      <p>
	This manual does not go into detail about the options and
	usage of the package building and installation tools.  It
	should therefore be read in conjunction with those programs'
	man pages.
      </p>

      <p>
	The utility programs which are provided with <prgn>dpkg</prgn>
	not described in detail here, are documented in their man pages.
      </p>

      <p>
	It is assumed that the reader is reasonably familiar with the
	<prgn>dpkg</prgn> System Administrators' manual.
	Unfortunately this manual does not yet exist.
      </p>

      <p>
	The Debian version of the FSF's GNU hello program is provided as
	an example for people wishing to create Debian packages. However,
	while the examples are helpful, they do not replace the need to
	read and follow the Policy and Programmer's Manual.</p>
    </appendix>

    <appendix id="pkg-binarypkg">
      <heading>Binary packages (from old Packaging Manual)</heading>

      <p>
	See <manref name="deb" section="5"> and <ref id="pkg-controlarea">.
      </p>

      <sect id="pkg-bincreating"><heading>Creating package files -
      <prgn>dpkg-deb</prgn>
	</heading>

	<p>
	  All manipulation of binary package files is done by
	  <prgn>dpkg-deb</prgn>; it's the only program that has
	  knowledge of the format.  (<prgn>dpkg-deb</prgn> may be
	  invoked by calling <prgn>dpkg</prgn>, as <prgn>dpkg</prgn>
	  will spot that the options requested are appropriate to
	  <prgn>dpkg-deb</prgn> and invoke that instead with the same
	  arguments.)
	</p>

	<p>
	  In order to create a binary package you must make a
	  directory tree which contains all the files and directories
	  you want to have in the file system data part of the package.
	  In Debian-format source packages this directory is usually
	  <file>debian/tmp</file>, relative to the top of the package's
	  source tree.
	</p>

	<p>
	  They should have the locations (relative to the root of the
	  directory tree you're constructing) ownerships and
	  permissions which you want them to have on the system when
	  they are installed.
	</p>

	<p>
	  With current versions of <prgn>dpkg</prgn> the uid/username
	  and gid/groupname mappings for the users and groups being
	  used should be the same on the system where the package is
	  built and the one where it is installed.
	</p>

	<p>
	  You need to add one special directory to the root of the
	  miniature file system tree you're creating:
	  <prgn>DEBIAN</prgn>.  It should contain the control
	  information files, notably the binary package control file
	  (see <ref id="pkg-controlfile">).
	</p>

	<p>
	  The <prgn>DEBIAN</prgn> directory will not appear in the
	  file system archive of the package, and so won't be installed
	  by <prgn>dpkg</prgn> when the package is unpacked.
	</p>

	<p>
	  When you've prepared the package, you should invoke:
	  <example>
  dpkg --build <var>directory</var>
	  </example>
	</p>

	<p>
	  This will build the package in
	  <file><var>directory</var>.deb</file>.  (<prgn>dpkg</prgn> knows
	  that <tt>--build</tt> is a <prgn>dpkg-deb</prgn> option, so
	  it invokes <prgn>dpkg-deb</prgn> with the same arguments to
	  build the package.)
	</p>

	<p>
	  See the man page <manref name="dpkg-deb" section="8"> for details of how
	  to examine the contents of this newly-created file.  You may find the
	  output of following commands enlightening:
	  <example>
  dpkg-deb --info <var>filename</var>.deb
  dpkg-deb --contents <var>filename</var>.deb
  dpkg --contents <var>filename</var>.deb
	  </example>
	  To view the copyright file for a package you could use this command:
	  <example>
  dpkg --fsys-tarfile <var>filename</var>.deb | tar xOf - --wildcards \*/copyright | pager
	  </example>
	</p>
      </sect>

      <sect id="pkg-controlarea">
	<heading>Package control information files</heading>

	<p>
	  The control information portion of a binary package is a
	  collection of files with names known to <prgn>dpkg</prgn>.
	  It will treat the contents of these files specially - some
	  of them contain information used by <prgn>dpkg</prgn> when
	  installing or removing the package; others are scripts which
	  the package maintainer wants <prgn>dpkg</prgn> to run.
	</p>

	<p>
	  It is possible to put other files in the package control
	  information file area, but this is not generally a good idea
	  (though they will largely be ignored).
	</p>

	<p>
	  Here is a brief list of the control information files supported
	  by <prgn>dpkg</prgn> and a summary of what they're used for.
	</p>

	<p>
	  <taglist>
	    <tag><tt>control</tt>
	    <item>
	      <p>
		This is the key description file used by
		<prgn>dpkg</prgn>.  It specifies the package's name
		and version, gives its description for the user,
		states its relationships with other packages, and so
		forth.  See <ref id="sourcecontrolfiles"> and
		<ref id="binarycontrolfiles">.
	      </p>

	      <p>
		It is usually generated automatically from information
		in the source package by the
		<prgn>dpkg-gencontrol</prgn> program, and with
		assistance from <prgn>dpkg-shlibdeps</prgn>.
		See <ref id="pkg-sourcetools">.
	      </p>
	    </item>

	    <tag><tt>postinst</tt>, <tt>preinst</tt>, <tt>postrm</tt>,
		 <tt>prerm</tt>
	    </tag>
	    <item>
	      <p>
		These are executable files (usually scripts) which
		<prgn>dpkg</prgn> runs during installation, upgrade
		and removal of packages.  They allow the package to
		deal with matters which are particular to that package
		or require more complicated processing than that
		provided by <prgn>dpkg</prgn>.  Details of when and
		how they are called are in <ref id="maintainerscripts">.
	      </p>

	      <p>
		It is very important to make these scripts idempotent.
		See <ref id="idempotency">.
	      </p>

	      <p>
		The maintainer scripts are not guaranteed to run with a
		controlling terminal and may not be able to interact with
		the user.  See <ref id="controllingterminal">.
	      </p>
	    </item>

	    <tag><tt>conffiles</tt>
	    </tag>
	    <item>
		This file contains a list of configuration files which
		are to be handled automatically by <prgn>dpkg</prgn>
		(see <ref id="pkg-conffiles">).  Note that not necessarily
		every configuration file should be listed here.
	    </item>

	    <tag><tt>shlibs</tt>
	    </tag>
	    <item>
		This file contains a list of the shared libraries
		supplied by the package, with dependency details for
		each.  This is used by <prgn>dpkg-shlibdeps</prgn>
		when it determines what dependencies are required in a
		package control file. The <tt>shlibs</tt> file format
		is described on <ref id="shlibs">.
	    </item>
	  </taglist>
	</p>

      <sect id="pkg-controlfile">
	<heading>The main control information file: <tt>control</tt></heading>

	<p>
	  The most important control information file used by
	  <prgn>dpkg</prgn> when it installs a package is
	  <tt>control</tt>.  It contains all the package's "vital
	  statistics".
	</p>

	<p>
	  The binary package control files of packages built from
	  Debian sources are made by a special tool,
	  <prgn>dpkg-gencontrol</prgn>, which reads
	  <file>debian/control</file> and <file>debian/changelog</file> to
	  find the information it needs.  See <ref id="pkg-sourcepkg"> for
	  more details.
	</p>

	<p>
	  The fields in binary package control files are listed in
	  <ref id="binarycontrolfiles">.
	</p>

	<p>
	  A description of the syntax of control files and the purpose
	  of the fields is available in <ref id="controlfields">.
	</p>
      </sect>

      <sect>
	<heading>Time Stamps</heading>

	<p>
	  See <ref id="timestamps">.
	</p>
      </sect>
    </appendix>

    <appendix id="pkg-sourcepkg">
      <heading>Source packages (from old Packaging Manual) </heading>

      <p>
	The Debian binary packages in the distribution are generated
	from Debian sources, which are in a special format to assist
	the easy and automatic building of binaries.
      </p>

      <sect id="pkg-sourcetools">
	<heading>Tools for processing source packages</heading>

	<p>
	  Various tools are provided for manipulating source packages;
	  they pack and unpack sources and help build of binary
	  packages and help manage the distribution of new versions.
	</p>

	<p>
	  They are introduced and typical uses described here; see
	  <manref name="dpkg-source" section="1"> for full
	  documentation about their arguments and operation.
	</p>

	<p>
	  For examples of how to construct a Debian source package,
	  and how to use those utilities that are used by Debian
	  source packages, please see the <prgn>hello</prgn> example
	  package.
	</p>

	<sect1 id="pkg-dpkg-source">
	  <heading>
	    <prgn>dpkg-source</prgn> - packs and unpacks Debian source
	    packages
	  </heading>

	  <p>
	    This program is frequently used by hand, and is also
	    called from package-independent automated building scripts
	    such as <prgn>dpkg-buildpackage</prgn>.
	  </p>

	  <p>
	    To unpack a package it is typically invoked with
	    <example>
  dpkg-source -x <var>.../path/to/filename</var>.dsc
	    </example>
	  </p>

	   <p>
	    with the <file><var>filename</var>.tar.gz</file> and
	    <file><var>filename</var>.diff.gz</file> (if applicable) in
	    the same directory.  It unpacks into
	    <file><var>package</var>-<var>version</var></file>, and if
	    applicable
	    <file><var>package</var>-<var>version</var>.orig</file>, in
	    the current directory.
	  </p>

	  <p>
	    To create a packed source archive it is typically invoked:
	    <example>
  dpkg-source -b <var>package</var>-<var>version</var>
	  </example>
	  </p>

	  <p>
	    This will create the <file>.dsc</file>, <file>.tar.gz</file> and
	    <file>.diff.gz</file> (if appropriate) in the current
	    directory.  <prgn>dpkg-source</prgn> does not clean the
	    source tree first - this must be done separately if it is
	    required.
	  </p>

	  <p>
	    See also <ref id="pkg-sourcearchives">.</p>
	</sect1>


	<sect1 id="pkg-dpkg-buildpackage">
	  <heading>
	    <prgn>dpkg-buildpackage</prgn> - overall package-building
	    control script
	  </heading>

	  <p>
	    See <manref name="dpkg-buildpackage" section="1">.
	  </p>
	</sect1>

	<sect1 id="pkg-dpkg-gencontrol">
	  <heading>
	    <prgn>dpkg-gencontrol</prgn> - generates binary package
	    control files
	  </heading>

	  <p>
	    This program is usually called from <file>debian/rules</file>
	    (see <ref id="pkg-sourcetree">) in the top level of the source
	    tree.
	  </p>

	  <p>
	    This is usually done just before the files and directories in the
	    temporary directory tree where the package is being built have their
	    permissions and ownerships set and the package is constructed using
	    <prgn>dpkg-deb/</prgn>
	      <footnote>
		This is so that the control file which is produced has
		the right permissions
	    </footnote>.
	  </p>

	  <p>
	    <prgn>dpkg-gencontrol</prgn> must be called after all the
	    files which are to go into the package have been placed in
	    the temporary build directory, so that its calculation of
	    the installed size of a package is correct.
	  </p>

	  <p>
	    It is also necessary for <prgn>dpkg-gencontrol</prgn> to
	    be run after <prgn>dpkg-shlibdeps</prgn> so that the
	    variable substitutions created by
	    <prgn>dpkg-shlibdeps</prgn> in <file>debian/substvars</file>
	    are available.
	  </p>

	  <p>
	    For a package which generates only one binary package, and
	    which builds it in <file>debian/tmp</file> relative to the top
	    of the source package, it is usually sufficient to call
	    <prgn>dpkg-gencontrol</prgn>.
	  </p>

	  <p>
	    Sources which build several binaries will typically need
	    something like:
	    <example>
  dpkg-gencontrol -Pdebian/tmp-<var>pkg</var> -p<var>package</var>
	    </example> The <tt>-P</tt> tells
	    <prgn>dpkg-gencontrol</prgn> that the package is being
	    built in a non-default directory, and the <tt>-p</tt>
	    tells it which package's control file should be generated.
	  </p>

	  <p>
	    <prgn>dpkg-gencontrol</prgn> also adds information to the
	    list of files in <file>debian/files</file>, for the benefit of
	    (for example) a future invocation of
	    <prgn>dpkg-genchanges</prgn>.</p>
	</sect1>

	<sect1 id="pkg-dpkg-shlibdeps">
	  <heading>
	    <prgn>dpkg-shlibdeps</prgn> - calculates shared library
	    dependencies
	  </heading>

	  <p>
	    See <manref name="dpkg-shlibdeps" section="1">.
	  </p>
	</sect1>

	<sect1 id="pkg-dpkg-distaddfile">
	  <heading>
	    <prgn>dpkg-distaddfile</prgn> - adds a file to
	    <file>debian/files</file>
	  </heading>

	  <p>
	    Some packages' uploads need to include files other than
	    the source and binary package files.
	  </p>

	  <p>
	    <prgn>dpkg-distaddfile</prgn> adds a file to the
	    <file>debian/files</file> file so that it will be included in
	    the <file>.changes</file> file when
	    <prgn>dpkg-genchanges</prgn> is run.
	  </p>

	  <p>
	    It is usually invoked from the <tt>binary</tt> target of
	    <file>debian/rules</file>:
	    <example>
  dpkg-distaddfile <var>filename</var> <var>section</var> <var>priority</var>
	    </example>
	    The <var>filename</var> is relative to the directory where
	    <prgn>dpkg-genchanges</prgn> will expect to find it - this
	    is usually the directory above the top level of the source
	    tree.  The <file>debian/rules</file> target should put the
	    file there just before or just after calling
	    <prgn>dpkg-distaddfile</prgn>.
	  </p>

	  <p>
	    The <var>section</var> and <var>priority</var> are passed
	    unchanged into the resulting <file>.changes</file> file.
	  </p>
	</sect1>


	<sect1 id="pkg-dpkg-genchanges">
	  <heading>
	    <prgn>dpkg-genchanges</prgn> - generates a <file>.changes</file>
	    upload control file
	  </heading>

	  <p>
	    See <manref name="dpkg-genchanges" section="1">.
	  </p>
	</sect1>

	<sect1 id="pkg-dpkg-parsechangelog">
          <heading>
            <prgn>dpkg-parsechangelog</prgn> - produces parsed
	    representation of a changelog
	  </heading>

	  <p>
	    See <manref name="dpkg-parsechangelog" section="1">.
	  </p>
	</sect1>

        <sect1 id="pkg-dpkg-architecture">
	  <heading>
	    <prgn>dpkg-architecture</prgn> - information about the build and
	    host system
          </heading>

          <p>
	    See <manref name="dpkg-architecture" section="1">.
          </p>
        </sect1>
      </sect>

      <sect id="pkg-sourcetree">
	<heading>The Debian package source tree</heading>

	<p>
	  The source archive scheme described later is intended to
	  allow a Debian package source tree with some associated
	  control information to be reproduced and transported easily.
	  The Debian package source tree is a version of the original
	  program with certain files added for the benefit of the
	  packaging process, and with any other changes required
	  made to the rest of the source code and installation
	  scripts.
	</p>

	<p>
	  The extra files created for Debian are in the subdirectory
	  <file>debian</file> of the top level of the Debian package
	  source tree. They are described below.
	</p>

	<sect1 id="pkg-debianrules">
	  <heading><file>debian/rules</file> - the main building script</heading>

	  <p>
	    See <ref id="debianrules">.
	  </p>
	</sect1>

	<sect1 id="pkg-srcsubstvars">
	  <heading><file>debian/substvars</file> and variable substitutions</heading>

	  <p>
	    See <ref id="substvars">.
	  </p>

	</sect1>

	<sect1>
	  <heading><file>debian/files</file></heading>

	  <p>
	    See <ref id="debianfiles">.
	  </p>
	</sect1>

	<sect1><heading><file>debian/tmp</file>
	  </heading>

	  <p>
	    This is the canonical temporary location for the
	    construction of binary packages by the <tt>binary</tt>
	    target.  The directory <file>tmp</file> serves as the root of
	    the file system tree as it is being constructed (for
	    example, by using the package's upstream makefiles install
	    targets and redirecting the output there), and it also
	    contains the <tt>DEBIAN</tt> subdirectory.  See <ref
	    id="pkg-bincreating">.
	  </p>

	  <p>
	    If several binary packages are generated from the same
	    source tree it is usual to use several
	    <file>debian/tmp<var>something</var></file> directories, for
	    example <file>tmp-a</file> or <file>tmp-doc</file>.
	  </p>

	  <p>
	    Whatever <file>tmp</file> directories are created and used by
	    <tt>binary</tt> must of course be removed by the
	    <tt>clean</tt> target.</p></sect1>
      </sect>


      <sect id="pkg-sourcearchives"><heading>Source packages as archives
	</heading>

	<p>
	  As it exists on the FTP site, a Debian source package
	  consists of three related files.  You must have the right
	  versions of all three to be able to use them.
	</p>

	<p>
	  <taglist>
	    <tag>Debian source control file - <tt>.dsc</tt></tag>
	    <item>
		This file is a control file used by <prgn>dpkg-source</prgn>
		to extract a source package.
		See <ref id="debiansourcecontrolfiles">.
	    </item>

	    <tag>
	      Original source archive -
	      <file>
		<var>package</var>_<var>upstream-version</var>.orig.tar.gz
	      </file>
	    </tag>

	    <item>
	      <p>
		This is a compressed (with <tt>gzip -9</tt>)
		<prgn>tar</prgn> file containing the source code from
		the upstream authors of the program.
	      </p>
	    </item>

	    <tag>
	      Debian package diff -
	      <file>
		<var>package</var>_<var>upstream_version-revision</var>.diff.gz
	      </file>
	    </tag>
	    <item>

	      <p>
		This is a unified context diff (<tt>diff -u</tt>)
		giving the changes which are required to turn the
		original source into the Debian source.  These changes
		may only include editing and creating plain files.
		The permissions of files, the targets of symbolic
		links and the characteristics of special files or
		pipes may not be changed and no files may be removed
		or renamed.
	      </p>

	      <p>
		All the directories in the diff must exist, except the
		<file>debian</file> subdirectory of the top of the source
		tree, which will be created by
		<prgn>dpkg-source</prgn> if necessary when unpacking.
	      </p>

	      <p>
		The <prgn>dpkg-source</prgn> program will
		automatically make the <file>debian/rules</file> file
		executable (see below).</p></item>
	  </taglist>
	</p>

	<p>
	  If there is no original source code - for example, if the
	  package is specially prepared for Debian or the Debian
	  maintainer is the same as the upstream maintainer - the
	  format is slightly different: then there is no diff, and the
	  tarfile is named
	  <file><var>package</var>_<var>version</var>.tar.gz</file>,
	  and preferably contains a directory named
	  <file><var>package</var>-<var>version</var></file>.
	</p>
      </sect>

      <sect>
	<heading>Unpacking a Debian source package without <prgn>dpkg-source</prgn></heading>

	<p>
	  <tt>dpkg-source -x</tt> is the recommended way to unpack a
	  Debian source package.  However, if it is not available it
	  is possible to unpack a Debian source archive as follows:
	<enumlist compact="compact">
	  <item>
	    <p>
	      Untar the tarfile, which will create a <file>.orig</file>
	      directory.</p>
	  </item>
	  <item>
	    <p>Rename the <file>.orig</file> directory to
	      <file><var>package</var>-<var>version</var></file>.</p>
	  </item>
	    <item>
	    <p>
	      Create the subdirectory <file>debian</file> at the top of
	      the source tree.</p>
	  </item>
	  <item><p>Apply the diff using <tt>patch -p0</tt>.</p>
	  </item>
	  <item><p>Untar the tarfile again if you want a copy of the original
	      source code alongside the Debian version.</p>
	  </item>
	</enumlist>

	<p>
	  It is not possible to generate a valid Debian source archive
	  without using <prgn>dpkg-source</prgn>.  In particular,
	  attempting to use <prgn>diff</prgn> directly to generate the
	  <file>.diff.gz</file> file will not work.
	</p>

	<sect1>
	  <heading>Restrictions on objects in source packages</heading>

	  <p>
	    The source package may not contain any hard links
	    <footnote>
		This is not currently detected when building source
		packages, but only when extracting
		them.
	    </footnote>
	    <footnote>
		Hard links may be permitted at some point in the
		future, but would require a fair amount of
		work.
	    </footnote>, device special files, sockets or setuid or
	    setgid files.
	    <footnote>
		Setgid directories are allowed.
	    </footnote>
	  </p>

	  <p>
	    The source packaging tools manage the changes between the
	    original and Debian source using <prgn>diff</prgn> and
	    <prgn>patch</prgn>.  Turning the original source tree as
	    included in the <file>.orig.tar.gz</file> into the Debian
	    package source must not involve any changes which cannot be
	    handled by these tools.  Problematic changes which cause
	    <prgn>dpkg-source</prgn> to halt with an error when
	    building the source package are:
	    <list compact="compact">
	      <item><p>Adding or removing symbolic links, sockets or pipes.</p>
	      </item>
	      <item><p>Changing the targets of symbolic links.</p>
	      </item>
	      <item><p>Creating directories, other than <file>debian</file>.</p>
	      </item>
	      <item><p>Changes to the contents of binary files.</p></item>
	    </list> Changes which cause <prgn>dpkg-source</prgn> to
	    print a warning but continue anyway are:
	    <list compact="compact">
	      <item>
		<p>
		  Removing files, directories or symlinks.
		  <footnote>
		      Renaming a file is not treated specially - it is
		      seen as the removal of the old file (which
		      generates a warning, but is otherwise ignored),
		      and the creation of the new one.
		  </footnote>
		</p>
	      </item>
	      <item>
		<p>
		  Changed text files which are missing the usual final
		  newline (either in the original or the modified
		  source tree).
		</p>
	      </item>
	    </list>
	    Changes which are not represented, but which are not detected by
	    <prgn>dpkg-source</prgn>, are:
	    <list compact="compact">
	      <item><p>Changing the permissions of files (other than
		  <file>debian/rules</file>) and directories.</p></item>
	    </list>
	  </p>

	  <p>
	    The <file>debian</file> directory and <file>debian/rules</file>
	    are handled specially by <prgn>dpkg-source</prgn> - before
	    applying the changes it will create the <file>debian</file>
	    directory, and afterwards it will make
	    <file>debian/rules</file> world-executable.
	  </p>
	</sect1>
      </sect>
    </appendix>

    <appendix id="pkg-controlfields">
      <heading>Control files and their fields (from old Packaging Manual)</heading>

      <p>
	Many of the tools in the <prgn>dpkg</prgn> suite manipulate
	data in a common format, known as control files.  Binary and
	source packages have control data as do the <file>.changes</file>
	files which control the installation of uploaded files, and
	<prgn>dpkg</prgn>'s internal databases are in a similar
	format.
      </p>

      <sect>
	<heading>Syntax of control files</heading>

	<p>
	  See <ref id="controlsyntax">.
	</p>

	<p>
	  It is important to note that there are several fields which
	  are optional as far as <prgn>dpkg</prgn> and the related
	  tools are concerned, but which must appear in every Debian
	  package, or whose omission may cause problems.
	</p>
      </sect>

      <sect>
	<heading>List of fields</heading>

	<p>
	  See <ref id="controlfieldslist">.
	</p>

	<p>
	  This section now contains only the fields that didn't belong
	  to the Policy manual.
	</p>

	<sect1 id="pkg-f-Filename">
	  <heading><tt>Filename</tt> and <tt>MSDOS-Filename</tt></heading>

	  <p>
	    These fields in <tt>Packages</tt> files give the
	    filename(s) of (the parts of) a package in the
	    distribution directories, relative to the root of the
	    Debian hierarchy.  If the package has been split into
	    several parts the parts are all listed in order, separated
	    by spaces.
	  </p>
	</sect1>

	<sect1 id="pkg-f-Size">
	  <heading><tt>Size</tt> and <tt>MD5sum</tt></heading>

	  <p>
	    These fields in <file>Packages</file> files give the size (in
	    bytes, expressed in decimal) and MD5 checksum of the
	    file(s) which make(s) up a binary package in the
	    distribution.  If the package is split into several parts
	    the values for the parts are listed in order, separated by
	    spaces.
	  </p>
	</sect1>

	<sect1 id="pkg-f-Status">
	  <heading><tt>Status</tt></heading>

	  <p>
	    This field in <prgn>dpkg</prgn>'s status file records
	    whether the user wants a package installed, removed or
	    left alone, whether it is broken (requiring
	    re-installation) or not and what its current state on the
	    system is.  Each of these pieces of information is a
	    single word.
	  </p>
	</sect1>

	<sect1 id="pkg-f-Config-Version">
	  <heading><tt>Config-Version</tt></heading>

	  <p>
	    If a package is not installed or not configured, this
	    field in <prgn>dpkg</prgn>'s status file records the last
	    version of the package which was successfully
	    configured.
	  </p>
	</sect1>

	<sect1 id="pkg-f-Conffiles">
	  <heading><tt>Conffiles</tt></heading>

	  <p>
	    This field in <prgn>dpkg</prgn>'s status file contains
	    information about the automatically-managed configuration
	    files held by a package.  This field should <em>not</em>
	    appear anywhere in a package!
	  </p>
	</sect1>

	<sect1>
	  <heading>Obsolete fields</heading>

	  <p>
	    These are still recognized by <prgn>dpkg</prgn> but should
	    not appear anywhere any more.

	    <taglist compact="compact">

	      <tag><tt>Revision</tt></tag>
	      <tag><tt>Package-Revision</tt></tag>
	      <tag><tt>Package_Revision</tt></tag>
	      <item>
		  The Debian revision part of the package version was
		  at one point in a separate control field.  This
		  field went through several names.
	      </item>

	      <tag><tt>Recommended</tt></tag>
	      <item>Old name for <tt>Recommends</tt>.</item>

	      <tag><tt>Optional</tt></tag>
	      <item>Old name for <tt>Suggests</tt>.</item>

	      <tag><tt>Class</tt></tag>
	      <item>Old name for <tt>Priority</tt>.</item>

	    </taglist>
	  </p>
	</sect1>
      </sect>

    </appendix>

    <appendix id="pkg-conffiles">
      <heading>Configuration file handling (from old Packaging Manual)</heading>

      <p>
	<prgn>dpkg</prgn> can do a certain amount of automatic
	handling of package configuration files.
      </p>

      <p>
	Whether this mechanism is appropriate depends on a number of
	factors, but basically there are two approaches to any
	particular configuration file.
      </p>

      <p>
	The easy method is to ship a best-effort configuration in the
	package, and use <prgn>dpkg</prgn>'s conffile mechanism to
	handle updates.  If the user is unlikely to want to edit the
	file, but you need them to be able to without losing their
	changes, and a new package with a changed version of the file
	is only released infrequently, this is a good approach.
      </p>

      <p>
	The hard method is to build the configuration file from
	scratch in the <prgn>postinst</prgn> script, and to take the
	responsibility for fixing any mistakes made in earlier
	versions of the package automatically.  This will be
	appropriate if the file is likely to need to be different on
	each system.
      </p>

      <sect><heading>Automatic handling of configuration files by
      <prgn>dpkg</prgn>
	</heading>

	<p>
	  A package may contain a control information file called
	  <tt>conffiles</tt>.  This file should be a list of filenames
	  of configuration files needing automatic handling, separated
	  by newlines.  The filenames should be absolute pathnames,
	  and the files referred to should actually exist in the
	  package.
	</p>

	<p>
	  When a package is upgraded <prgn>dpkg</prgn> will process
	  the configuration files during the configuration stage,
	  shortly before it runs the package's <prgn>postinst</prgn>
	  script,
	</p>

	<p>
	  For each file it checks to see whether the version of the
	  file included in the package is the same as the one that was
	  included in the last version of the package (the one that is
	  being upgraded from); it also compares the version currently
	  installed on the system with the one shipped with the last
	  version.
	</p>

	<p>
	  If neither the user nor the package maintainer has changed
	  the file, it is left alone.  If one or the other has changed
	  their version, then the changed version is preferred - i.e.,
	  if the user edits their file, but the package maintainer
	  doesn't ship a different version, the user's changes will
	  stay, silently, but if the maintainer ships a new version
	  and the user hasn't edited it the new version will be
	  installed (with an informative message).  If both have
	  changed their version the user is prompted about the problem
	  and must resolve the differences themselves.
	</p>

	<p>
	  The comparisons are done by calculating the MD5 message
	  digests of the files, and storing the MD5 of the file as it
	  was included in the most recent version of the package.
	</p>

	<p>
	  When a package is installed for the first time
	  <prgn>dpkg</prgn> will install the file that comes with it,
	  unless that would mean overwriting a file already on the
	  file system.
	</p>

	<p>
	  However, note that <prgn>dpkg</prgn> will <em>not</em>
	  replace a conffile that was removed by the user (or by a
	  script).  This is necessary because with some programs a
	  missing file produces an effect hard or impossible to
	  achieve in another way, so that a missing file needs to be
	  kept that way if the user did it.
	</p>

	<p>
	  Note that a package should <em>not</em> modify a
	  <prgn>dpkg</prgn>-handled conffile in its maintainer
	  scripts.  Doing this will lead to <prgn>dpkg</prgn> giving
	  the user confusing and possibly dangerous options for
	  conffile update when the package is upgraded.</p>
      </sect>

      <sect><heading>Fully-featured maintainer script configuration
      handling
	</heading>

	<p>
	  For files which contain site-specific information such as
	  the hostname and networking details and so forth, it is
	  better to create the file in the package's
	  <prgn>postinst</prgn> script.
	</p>

	<p>
	  This will typically involve examining the state of the rest
	  of the system to determine values and other information, and
	  may involve prompting the user for some information which
	  can't be obtained some other way.
	</p>

	<p>
	  When using this method there are a couple of important
	  issues which should be considered:
	</p>

	<p>
	  If you discover a bug in the program which generates the
	  configuration file, or if the format of the file changes
	  from one version to the next, you will have to arrange for
	  the postinst script to do something sensible - usually this
	  will mean editing the installed configuration file to remove
	  the problem or change the syntax.  You will have to do this
	  very carefully, since the user may have changed the file,
	  perhaps to fix the very problem that your script is trying
	  to deal with - you will have to detect these situations and
	  deal with them correctly.
	</p>

	<p>
	  If you do go down this route it's probably a good idea to
	  make the program that generates the configuration file(s) a
	  separate program in <file>/usr/sbin</file>, by convention called
	  <file><var>package</var>config</file> and then run that if
	  appropriate from the post-installation script.  The
	  <tt><var>package</var>config</tt> program should not
	  unquestioningly overwrite an existing configuration - if its
	  mode of operation is geared towards setting up a package for
	  the first time (rather than any arbitrary reconfiguration
	  later) you should have it check whether the configuration
	  already exists, and require a <tt>--force</tt> flag to
	  overwrite it.</p></sect>
    </appendix>

    <appendix id="pkg-alternatives"><heading>Alternative versions of
	an interface - <prgn>update-alternatives</prgn> (from old
    Packaging Manual)
      </heading>

      <p>
	When several packages all provide different versions of the
	same program or file it is useful to have the system select a
	default, but to allow the system administrator to change it
	and have their decisions respected.
      </p>

      <p>
	For example, there are several versions of the <prgn>vi</prgn>
	editor, and there is no reason to prevent all of them from
	being installed at once, each under their own name
	(<prgn>nvi</prgn>, <prgn>vim</prgn> or whatever).
	Nevertheless it is desirable to have the name <tt>vi</tt>
	refer to something, at least by default.
      </p>

      <p>
	If all the packages involved cooperate, this can be done with
	<prgn>update-alternatives</prgn>.
      </p>

      <p>
	Each package provides its own version under its own name, and
	calls <prgn>update-alternatives</prgn> in its postinst to
	register its version (and again in its prerm to deregister
	it).
      </p>

      <p>
	See the man page <manref name="update-alternatives"
	section="8"> for details.
      </p>

      <p>
	If <prgn>update-alternatives</prgn> does not seem appropriate
	you may wish to consider using diversions instead.</p>
    </appendix>

    <appendix id="pkg-diversions"><heading>Diversions - overriding a
    package's version of a file (from old Packaging Manual)
      </heading>

      <p>
	It is possible to have <prgn>dpkg</prgn> not overwrite a file
	when it reinstalls the package it belongs to, and to have it
	put the file from the package somewhere else instead.
      </p>

      <p>
	This can be used locally to override a package's version of a
	file, or by one package to override another's version (or
	provide a wrapper for it).
      </p>

      <p>
	Before deciding to use a diversion, read <ref
	id="pkg-alternatives"> to see if you really want a diversion
	rather than several alternative versions of a program.
      </p>

      <p>
	There is a diversion list, which is read by <prgn>dpkg</prgn>,
	and updated by a special program <prgn>dpkg-divert</prgn>.
	Please see <manref name="dpkg-divert" section="8"> for full
	details of its operation.
      </p>

      <p>
	When a package wishes to divert a file from another, it should
	call <prgn>dpkg-divert</prgn> in its preinst to add the
	diversion and rename the existing file.  For example,
	supposing that a <prgn>smailwrapper</prgn> package wishes to
	install a wrapper around <file>/usr/sbin/smail</file>:
	<example>
   dpkg-divert --package smailwrapper --add --rename \
      --divert /usr/sbin/smail.real /usr/sbin/smail
	</example> The <tt>--package smailwrapper</tt> ensures that
	<prgn>smailwrapper</prgn>'s copy of <file>/usr/sbin/smail</file>
	can bypass the diversion and get installed as the true version.
	It's safe to add the diversion unconditionally on upgrades since
	it will be left unchanged if it already exists, but
	<prgn>dpkg-divert</prgn> will display a message.  To suppress that
	message, make the command conditional on the version from which
	the package is being upgraded:
	<example>
   if [ upgrade != "$1" ] || dpkg --compare-versions "$2" lt 1.0-2; then
      dpkg-divert --package smailwrapper --add --rename \
         --divert /usr/sbin/smail.real /usr/sbin/smail
   fi
	</example> where <tt>1.0-2</tt> is the version at which the
	diversion was first added to the package.  Running the command
	during abort-upgrade is pointless but harmless.
      </p>

      <p>
	The postrm has to do the reverse:
	<example>
  if [ remove = "$1" -o abort-install = "$1" -o disappear = "$1" ]; then
     dpkg-divert --package smailwrapper --remove --rename \
        --divert /usr/sbin/smail.real /usr/sbin/smail
  fi
	</example> If the diversion was added at a particular version, the
	postrm should also handle the failure case of upgrading from an
	older version (unless the older version is so old that direct
	upgrades are no longer supported):
	<example>
  if [ abort-upgrade = "$1" ] && dpkg --compare-versions "$2" lt 1.0-2; then
     dpkg-divert --package smailwrapper --remove --rename \
        --divert /usr/sbin/smail.real /usr/sbin/smail
  fi
	</example> where <tt>1.0-2</tt> is the version at which the
	diversion was first added to the package.  The postrm should not
	remove the diversion on upgrades both because there's no reason to
	remove the diversion only to immediately re-add it and since the
	postrm of the old package is run after unpacking so the removal of
	the diversion will fail.
      </p>

      <p>
	Do not attempt to divert a file which is vitally important for
	the system's operation - when using <prgn>dpkg-divert</prgn>
	there is a time, after it has been diverted but before
	<prgn>dpkg</prgn> has installed the new version, when the file
	does not exist.</p>

      <p>
	Do not attempt to divert a conffile, as <prgn>dpkg</prgn> does not
	handle it well.
      </p>
    </appendix>

  </book>
</debiandoc>
<!-- Local variables: -->
<!-- indent-tabs-mode: t -->
<!-- End: -->
<!-- vim:set ai sts=2 sw=2 tw=76: -->
